Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 86 replies
  • Subscribers 46 subscribers
  • Views 18283 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall v18 MR-5: Feedback and experiences

LuCar Toni

New Thread to cover changes / feedback / experiences about MR5.

MR5 was Re Released. New Build number: 586

"Old" MR3 Thread: https://community.sophos.com/xg-firewall/f/discussions/123403/xg-firewall-v18-mr-3-feedback-and-experiences

"Old" MR4 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/124771/xg-firewall-v18-mr-4-feedback-and-experiences

Release Notes: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/xg-firewall-v18-mr5-is-now-available

https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_180_rn.html



This thread was automatically locked due to age.
  • 0 in reply to LuCar Toni

     Only Sophos default scanner is enabled. No change to download size has been made in proxy.

  • 0

    SFOS 18.0.5 MR-5

    The device is on default config as a test with latest firmware.
    Suddenly GUI not accessible and giving below error.

    HTTP ERROR 404
    Problem accessing /webconsole/webpages/pagenotfound.html. Reason:

    Not Found
    Caused by:
    java.lang.NullPointerException
    at org.apache.jsp.webpages.login_jsp._jspService(login_jsp.java:279)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623)
    at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
    at cyberoam.utilities.csrf.CSRFCheckFilter.doFilter(CSRFCheckFilter.java:114)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
    at cyberoam.sessionmanagement.SessionCheckHelper.filter(SessionCheckHelper.java:100)
    at cyberoam.sessionmanagement.SessionCheckFilter.doFilter(SessionCheckFilter.java:55)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1602)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1701)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1668)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
    at org.eclipse.jetty.server.Server.handle(Server.java:502)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:748)
    Powered by Jetty:// 9.4.15.v20190215

  • 0 in reply to LuCar Toni

    The newest App pattern should include the NTP Traffic as correctly verified as NTP. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Is "18.18.25" the latest pattern update for IPS/App?

    Most of my NTP traffic still isn't being identified correctly.

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • 0 in reply to Prism

    Can you share a screenshot of this traffic? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I've only managed to get a single NTP sync identified correctly as NTP App by the Firewall.

    (Interesting enough It has a Windows machine, everything else on the Log Viewer is either Android/Linux/IOS)

    (I've also manually triggered a NTP Sync on two Linux VM, still didn't got identified. (Used both Systemd-timesyncd, and ntpdate))

    Here's how It currently looks in the Log Viewer:

    Will do a packet capture later to see If It's an issue on my end.

    Thanks for the update!

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • 0 in reply to Prism

    The pattern was released ~12:00. 

    My windows clients are getting correctly verified:

    Whats the client, you are seeing? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    07:18:13, Jun 15 2021 has the time "18.18.25" got applied on my Firewall. (Different Time-zones.)

    On Linux:

    • SUSE SLES 15.3 VM's (Systemd-Timesyncd) - (Chrony also doesn't get identified.)
    • Arch Linux (Systemd-Timesyncd)

    Both Android 10 & 11.

    Single iPhone 11 on latest IOS.

    EDIT: Only on Windows the NTP Traffic gets identified correctly. (Note: On Windows the Source UDP Port is also 123, meanwhile on everything else It uses >1024 ports.)

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • 0 in reply to Prism

    Let me get back to the Labs Team to verify this. 

    __________________________________________________________________________________________________________________

  • 0

    HI all,

    Setup a new XG 18.0.5 MR-5 today, found that if I setup "External email server" for notifications, then mails are still picked up by internal MTA. I have deleted the default fw rule for SMTP (Legacy mode).

    What have I missed since the emails are not delivered directly to the external server?

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?