  • I was able to update to MR2 manually using the links above. I also am using a home use license for my home lab.

  • I have successfully installed v18.5.2 MR-2-Build380 on my home XG 210 Rev. 2, however, I noticed that the LCD and buttons do not function. Granted they did not function on MR-1 either. Is this expected? The LCD only says "SOPHOS Protection".

  • If you are saying that you are using the Home edition of XG, then yes that is normal. Home edition doesn't support the dedicated features of an XG UTM, they treat it like generic hardware so none of the 'special' features work.

  • Good to know, I didn't know if there was something wrong with the LCD or if it just wasn't utilized.

  • Hi folks,

    I have installed this version on my xg115W and it is not working well. I have tried a number of different configurations. The aim was to replace my home XG with this new box. I built a configuration based on my existing system but with many cleaned up and refined policies and firewall rules. That was a disaster, throughput for speedtest max'ed out the line, but web surfing, just did not work at all well, pages took many seconds and sometimes minutes to load and more often timed out leaving online payments in limbo.

    A restart partially fixed the issue but not completely.

    The logviewer showed many failed to associate connection errors.

    I removed over 50% of the configuration and in a lot of cases used the default XG provided policies with my firewall rules. With one user connected works well, while not as quick with page loads as my existing XG, still worked.

    I moved my IoT network across again after refining and reducing the configuration and end up with poor connection times and lots of cannot associate errors in the logviewer.

    So, the conclusion I have come to is that this version of XG software is not suitable for my XG115w with a full business licence.

    My IoT network has 7 wifi devices and 5 fixed devices, which most are not always active or powered on.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Same here, very slow. I have MR2 loaded on my XG210, except with a home license. I only have a couple NAT rules in place.

    Edit: I think for me it was pointing my DNS server to the wrong gateway. I had put the Sophos firewall in side-by-side with my other firewall for a while to do some testing and setup and swapped some of the gateways on my servers around, but didn't flip them back when I made the complete change.

  • Same here with a XG115w, in reality I just wish the WebUI was a "little" bit faster. (I can make a coffee with the time it takes to create and apply a new WAF Rule.)


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • Thanks for your answers  and .

    In the meantime we've reinstalled the Intercept X on all Windows Servers, and Admin machines. Fixed already during the installation the heartbeat.xml and the machines had Heartbeat afterwards. As we did this in the same network, with the same FW rules, this is why I wrote: the clients can reach Central and they can do what they need to pick the new Cert. Also we re-checked DNS communication never had HB requirement.

    We could not fix this on Linux Servers with Heartbeat module and Mac computers by reinstalling the agent. They behave differently.

    Many machines recovered themselves after many hours. For our Linux machines: they were 18h offline from heartbeat and then recovered. Unbelievable...

    Yesterday, after wasting 34h with L1 Support this finally got to GES and someone started looking at the firewall.

    Now the suggestion is (what JasP said caused the 2nd HB issue) to reregister once again or simply wait one or two days longer.

    We have found few of the Sophos of the endpoint got regenerated and that has a starting date of 7th January. The certificate on the Firewall has the certificate valid from 17th July 2021 to July 22. Which led to the mismatch of the certificate.

    deregister the firewall (both) from Sophos Central
    Before registering the appliance clear all the contents from
    /conf/sysfiles/heartbeatd/ using the command below.
    rm -rf /conf/sysfiles/heartbeatd/

    He also mentioned the FW files:

    /conf/heartbeatd/ep_cert.crt
    /conf/heartbeatd/certificate_store.db

    Well, I re-registered the firewall straight after we discovered, that we're having a major HB issue. Of course without deleting some certificates on the firewall.

    What I've checked on the firewall quite early was the server certificate:

    XG430_WP02_SFOS 18.5.2 MR-2-Build380# ls -la /conf/sysfiles/heartbeatd/
    drwxrwx---    3 root     heartbea      1024 Jan 10 05:56 .
    drwxr-xr-x    7 root     0             1024 Jan  8 09:02 ..
    drwxr-xr-x    2 root     heartbea      1024 Jan 10 05:56 ca-certificates
    -rw-r-----    1 root     heartbea    699392 Jan 10 05:56 certificate_store.db
    -rw-r--r--    1 root     0            57344 Jan 10 03:56 endpoint_store.db
    -r--r-----    1 root     0             1667 Jan  8 07:32 server.crt
    -r--------    1 root     0             3326 Jan  8 07:32 server.key
    -rw-r--r--    1 root     0               54 Jan  8 07:32 sophos-central-customer-info.json
    -rw-r--r--    1 root     0             5903 Jan 10 05:56 sophos-central.json
    

    The Server Certificate has the new timestamp: Jan  8 07:32 server.crt

    This is matching the upgrade time to SFOS 18.5.2.

    And I have checked that Server Cert externally:

    I wonder why support says, the firewall uses an old certificate. I cannot confirm this as seen above.

    edit: 2022-01-10 09:00
    Clients that were offline since the upgrade, including Macs, are picking the new certificate now after powering on in the network after 2-10 minutes automatically. They create some SSL TLSv1 errors in the heartbeatd log on the FW but then in that time range get green HB after they picked the new cert.
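
The post above dates the regenerated server certificate from the `ls` timestamp; the validity window stored inside the certificate is the more direct evidence. The following is an added example, not part of the original thread and not Sophos tooling: it assumes OpenSSL and GNU `date` on an admin workstation holding a copy of the certificate, and it uses a throwaway self-signed certificate as a constructed stand-in for `server.crt`.

```shell
#!/bin/sh
# Added example: read validity from the certificate itself, not from file mtime.
# Assumes OpenSSL and GNU date (admin workstation, not the firewall shell).

# Print notBefore / notAfter / SHA-256 fingerprint of a PEM certificate.
cert_summary() {
    openssl x509 -in "$1" -noout -startdate -enddate -fingerprint -sha256
}

# Epoch seconds of the certificate's notBefore field.
cert_not_before() {
    date -u -d "$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)" +%s
}

# Succeeds if the certificate was issued on or after the given date
# (for example the firmware upgrade date), i.e. it really was regenerated.
cert_issued_since() {
    [ "$(cert_not_before "$1")" -ge "$(date -u -d "$2" +%s)" ]
}

# Succeeds if the certificate is inside its validity window right now.
cert_valid_now() {
    [ "$(cert_not_before "$1")" -le "$(date -u +%s)" ] &&
        openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Constructed sample: throwaway self-signed cert standing in for server.crt.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=constructed-sample" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp/sample.crt"
cert_summary "$tmp/sample.crt"
# 2022-01-08 is the upgrade date taken from the listing in the post above.
cert_issued_since "$tmp/sample.crt" "2022-01-08" && echo "issued since upgrade"
cert_valid_now "$tmp/sample.crt" && echo "currently valid"
```

Comparing the SHA-256 fingerprint printed here with the one a client reports for the certificate it was offered shows whether both sides are looking at the same certificate.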

  • MR2 did renew the certificate due to strict compliance requirements (FIPS etc.). Which means this was a one time change and not an "each and every upgrade".


  • What are we discussing here? Connection delay or Webadmin responsibility?
