  • I have a really interesting problem with my updated Sophos XG

    Previously I updated to V18.5 MR4; the problem still exists in SFOS 19.0.1 MR-1-Build365

    The problem:

    WAF is not working reliably. To explain: after the upgrades I needed to remove any kind of protection policy to make it work again, and if I had any interface that didn't have an IP address or was disabled, and this interface was attached to a WAF policy, the whole WAF stopped working (ALL OF OUR INTERNET-FACING WAF RULES)!
    Now if I create a new WAF policy they simply don't work; they don't respond to any requests!
    One interface that is attached to some WAF policies is working normally.

    This is happening after reboots or after these upgrades.


    Has anything been changed in the firmware that would affect these?

    The setup is:

    3 WAN

    Example WAF1: #Port1
    Example WAF2: #Port2
    Example WAF3: #Port3


    Now only the Port2 variant is working.

    If I use curl to try a request, "Connection refused" is all I get.

    This did not happen before V18.5 MR4 or V19.

    Thanks for any kind of suggestions about this!

  • Hi,

    I think there are two separate issues here.

    WAF is based on Apache, and Apache needs an IP address and port combination to bind to. So you cannot have a WAF rule on an interface that doesn't have an IP address, it would result in an incorrect configuration and Apache won't start. That might be what you see.

    The second one, WAF not working until you remove the protection policy might be the result of a known issue, where the WAF configuration becomes corrupt during upgrade or backup/restore if you use static URL hardening, form hardening or cookie signing in the protection policy. This corruption will prevent Apache from starting up. You can check log/reverseproxy.log on the device and look for errors there, a clear indication of this problem is a line saying 'invalid encrypted key'. If you see that, you can reach out to support, they have a workaround ready to handle this case. Or you can disable these features in the protection policy, that should also allow WAF to start.
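    The log check suggested in the reply above, written out as an added triage script (this is not Sophos tooling and not something the replier posted). It assumes a POSIX shell with grep and mktemp, that the path to the WAF log is the `log/reverseproxy.log` named above (the `REVERSEPROXY_LOG` default below is an assumption; adjust it to your appliance), and that the WAF's Apache reports a failed listener bind with the standard Apache 2.4 wording `AH00072: make_sock: could not bind to address`, which the reply does not quote but which is how Apache logs the "rule on an interface without an IP" case described in the first point. The sample log lines are constructed so the script runs stand-alone.

    ```shell
    #!/bin/sh
    # Added triage helper for the two WAF failure modes discussed in the thread:
    #   1. Apache cannot bind because a WAF rule points at an interface with no IP address
    #   2. protection-policy corruption after upgrade/restore ("invalid encrypted key")
    # Not Sophos' own tooling. REVERSEPROXY_LOG is an assumed default path; override via the environment.
    REVERSEPROXY_LOG="${REVERSEPROXY_LOG:-/log/reverseproxy.log}"

    # Number of lines carrying the corruption indicator named in the reply (0 if the file is unreadable).
    count_waf_key_errors() {
        [ -r "$1" ] || { echo 0; return 0; }
        grep -c -i 'invalid encrypted key' "$1" || true
    }

    # Number of Apache listener bind failures (standard Apache 2.4 wording, assumed to apply to the WAF's Apache).
    count_bind_failures() {
        [ -r "$1" ] || { echo 0; return 0; }
        grep -c 'AH00072: make_sock: could not bind to address' "$1" || true
    }

    # Classify a log file into one of: both, config-corruption, bind-failure, no-indicator.
    diagnose_waf_log() {
        key_errors=$(count_waf_key_errors "$1")
        bind_errors=$(count_bind_failures "$1")
        if [ "$key_errors" -gt 0 ] && [ "$bind_errors" -gt 0 ]; then
            echo both
        elif [ "$key_errors" -gt 0 ]; then
            echo config-corruption
        elif [ "$bind_errors" -gt 0 ]; then
            echo bind-failure
        else
            echo no-indicator
        fi
    }

    # Write constructed sample lines (not captured from a real appliance) to a temp file and print its path.
    make_sample_log() {
        sample=$(mktemp)
        cat > "$sample" <<'EOF'
    [Tue Jun 21 10:02:11.123456 2022] [core:notice] [pid 4121] AH00094: Command line: '/usr/sbin/httpd'
    [Tue Jun 21 10:02:11.234567 2022] [:error] [pid 4121] invalid encrypted key for cookie signing
    [Tue Jun 21 10:02:11.345678 2022] [:error] [pid 4121] invalid encrypted key for form hardening
    [Tue Jun 21 10:02:12.000000 2022] [core:emerg] [pid 4121] (99)Cannot assign requested address: AH00072: make_sock: could not bind to address 203.0.113.10:443
    EOF
        echo "$sample"
    }

    # Stand-alone run: use the real log when present, otherwise the constructed sample.
    if [ -r "$REVERSEPROXY_LOG" ]; then
        target="$REVERSEPROXY_LOG"
    else
        target=$(make_sample_log)
    fi
    echo "reverseproxy.log triage ($target): $(diagnose_waf_log "$target")"
    echo "  invalid-encrypted-key lines: $(count_waf_key_errors "$target")"
    echo "  bind failures:               $(count_bind_failures "$target")"
    ```

    A result of `config-corruption` (or `both`) is the case the reply says support has a workaround for, or that disabling static URL hardening, form hardening and cookie signing in the protection policy clears; a `bind-failure` points back at the first issue, a WAF rule attached to an interface that has no IP address. Either way Apache does not start, which is why curl reports "Connection refused" on every WAF port, not only the misconfigured one.
    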

  • Hello!

    Thank you for the first one, that was something I didn't think about... my fault

    For the second one, thank you, but the interesting thing is that now I have an interface that has an IP address and I bind it to a WAF rule, and then the WAF is not responding on it

  • That could be due to the second problem with the database corruption, unless you already removed all protection policies from all WAF rules.

    Check reverseproxy.log for errors, or you can open a support case and someone from the development team will take a look at the box.
