Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 68 replies
  • Answers 3 answers
  • Subscribers 54 subscribers
  • Views 13177 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v19.5 MR1: Feedback and experiences

LuCar Toni

Release Post:   Sophos Firewall OS v19.5 MR1 is Now Available 

The old V19.5 GA Thread:  Sophos Firewall: v19.5 GA: Feedback and experiences 



This thread was automatically locked due to age.

Top Replies

  • in reply to twister5800 +4 suggested

    The latest firmware releases removed some alerts, which were in the product. The next alert to be removed is the "Central Managed" alert, which is currently static. All other alerts are removable by "resolving the situation". Deletion/acknolowdiging is something, which requires are complete overhowl of the control center alert system, which is not planned soon. 

    The removal of "XG" is something valid for future releases. Not planned yet. 

    Login notification is currently possible for CFR, if you want to get a report per day of who logged in and when. But not for the "instant notification". This is on the backlog. 

    Jump to answer
Parents
  • 0

    This has been a very bad experience for us. 

    Running 2 XGS21000 in HA mode. 

    Since upgrading connectivity to websites is slow, sometimes hangs completely. Some apps will get disconnected after a few minutes of use. This is consistent so has made those apps useless, for example my General Manager has stopped using Sirius XM radio on his desktop because it will not stay connected. When these problems are happening we see many "invalid packet" in the log file for that client and service. This indicates a problem with nf_conntrack but the only thing support has been able to do for the past few weeks is try adjusting the tcp-est-idle-timeout but the timeouts are already happening much sooner than the timeout value. We will probably roll back soon but if we do that how will we know when it's safe to upgrade again? It is a problem. 

Reply
  • 0

    This has been a very bad experience for us. 

    Running 2 XGS21000 in HA mode. 

    Since upgrading connectivity to websites is slow, sometimes hangs completely. Some apps will get disconnected after a few minutes of use. This is consistent so has made those apps useless, for example my General Manager has stopped using Sirius XM radio on his desktop because it will not stay connected. When these problems are happening we see many "invalid packet" in the log file for that client and service. This indicates a problem with nf_conntrack but the only thing support has been able to do for the past few weeks is try adjusting the tcp-est-idle-timeout but the timeouts are already happening much sooner than the timeout value. We will probably roll back soon but if we do that how will we know when it's safe to upgrade again? It is a problem. 

Children