Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 181 replies
  • Answers 1 answer
  • Subscribers 76 subscribers
  • Views 34749 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v18.5 MR2: Feedback and experiences

LuCar Toni

https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr2-is-now-available

Release Notes: https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_185_rn.html

"Old" V18.5 MR1 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/128960/sophos-firewall-v18-5-mr1-feedback-and-experiences/

"Old" V18.0 MR5 Thread: https://community.sophos.com/sophos-xg-firewall/f/discussions/127053/xg-firewall-v18-mr-5-feedback-and-experiences

Please review: https://support.sophos.com/support/s/article/KB-000043489?language=en_US



Prio
[gesperrt von: LuCar Toni um 8:07 AM (GMT -7) am 26 Mar 2022]
  • 0 in reply to rfcat_vk

    Hi Ian,

    Maybe. For all the XG units I've managed, the only time I've had performance issues is when I've managed to mangle DNS settings (i.e. running internal DNS and having the internal DNS forward to the XG, only for the XG to forward it back to the same servers... doh!). But again, no Web Control nor TLS/SSL inspection load.

    Currently running 18.5.1 MR1. Upgrading to MR2 as I type this.

  • 0 in reply to ChrisKnight

    Hi Chris,

    I fixed a dns issue yesterday, the XG does not hand out IPv6 dns info, but that does not explain the high number of unable to associate packet errors.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Especially SSH should be there, as it is a light weight service. There is something wrong with your appliance. Maybe the disk broken? What kind of XG115 is this? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    It is a brand new XG115W rev 3.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Did you upgrade or reimage the appliance by arrival? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Automatic upgrade, no choice.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Does "unable to associate" mean that it's trying to be stateful but it can't find the established connection so its dropping packets? The CPU utilization does seem to be increasing over time, so maybe that indicates some kind of cascading problem. Memory usage seems about what I see (on an XGS87).

    Have you tested it with only one LAN device hooked up -- or through the Console with no devices hooked up? I'm wondering if a defective RJ45 port or something could be hosing you.

  • 0 in reply to LHerzog

    I tried to reproduce this on my test lab. I made a upgrade from V18.0 MR5 to V18.5 MR2. The certificate was renewaled. Heartbeat was blocked for some minutes, until MCS was able to fetch the new policy and all clients (multiple clients and servers) could fetch the new certificate. Firewall rule was ANY - ANY - ANY --> Block without heartbeat. Therefore the client could not communicate to any website anymore. But MCS still works due the whitelisting of SFOS. 

    You could take a look into your mcsagent.log on the client, if you see a delay or an issue of the communication itself (DNS as explained). MCS is the service to fetch the policies from Central. See: https://support.sophos.com/support/s/article/KB-000034886?language=en_US

    Generally speaking, i could not reproduce any kind of issue in this process. 

    __________________________________________________________________________________________________________________

  • 0 in reply to rfcat_vk

    I will re-image it today and report back.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Wayne Folta

    Hi Wayne,

    the graphs are with one device connected. Unable to access the console. I will re-image it today.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?