Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 101 replies
  • Subscribers 41 subscribers
  • Views 20786 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v18.5 MR1: Feedback and experiences

LuCar Toni

V18.5 MR2: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr2-is-now-available

https://community.sophos.com/sophos-xg-firewall/f/discussions/131468/sophos-firewall-v18-5-mr2-feedback-and-experiences

Release V18.5 MR1 Post (326): https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr1-is-now-available 

https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=18.5

EAP(318) Blog Post: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v185-mr1-eap

"Old" MR3 Thread: https://community.sophos.com/xg-firewall/f/discussions/123403/xg-firewall-v18-mr-3-feedback-and-experiences

"Old" MR4 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/124771/xg-firewall-v18-mr-4-feedback-and-experiences

"Old" MR5 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/127053/xg-firewall-v18-mr-5-feedback-and-experiences



MR2
[bearbeitet von: LuCar Toni um 7:43 AM (GMT -8) am 30 Nov 2021]
Parents
  • 0

    PS: Try the new DPI Engine Performance. 

  • 0 in reply to LuCar Toni

    Hi,

    currently using DPI for my various access in IP4 and IPv6 rules. The devices I have tested so far are my wife's MAC Air MI running latest firefox and accessing facebook, no apparent issues with my general testing.

    Ipad using FB app and other activities all works vey well.

    MAC Mini intel - appears to have fixed a lot of failing connection issues part the way through downloads from a photo album site and the downloads are very quick eg faster than I can scroll down to see if any entries have failed. Waiting for TOR browser to connect or fail. It has been trying for about 10 minutes so far - should be blocked.

    Question, has the new DPI engine been fixed to work with mail scanning, I will test myself later.

    Tomorrow's and the following days reports will be interesting to see what the date fix has done to the reported data.

    Ian

    There is a tradeoff with using the DPI engine in that you still need web proxy to achieve web site blocking as per the warning when you disable http proxy.



    added comment about still needing web proxy to block some websites.
    [edited by: rfcat_vk at 10:28 AM (GMT -7) on 15 Jul 2021]
  • 0 in reply to LuCar Toni

    What a good update!

    I've enabled back again "security.tls.enable_delegated_credentials", and Firefox is working flawless with Facebook now. (With TLS Decryption.)

    Another thing I noticed, there is much less random TLS errors with Firefox now.

    Thanks!

  • 0 in reply to Prism

    What about the Performance? Can you reflect some improvements? 

  • 0 in reply to LuCar Toni

    I'm a Home User, but doing some generic (flawed) testing the most noticeable thing is TPS, currently It's much faster than v18.0.

    While doing TLS Decryption over a local Nginx server using TLS 1.3 and AES256GCM-SHA384, on a 1 Byte file, the TLS transaction per second went from ~13.200 to around ~18.600. But there's no difference on raw decryption throughput from v18.0.

    Also, the Decryption Limit got lowered on my box, I don't know why; It went from 18.4K to 12.3K.

    For Internet traffic It just "feels faster". (I've didn't looked a lot on this.)

  • 0 in reply to Prism

    The max session is based on RAM available on the Appliance. 

Reply Children