Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 29 subscribers
  • Views 19859 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WARNING: Upgrading to MR7 breaks connection to Sophos Central Firewall Manager

Stuart James

Upgrading to MR7 will break your connection to Central Management. When you upgrade the firmware, it will switch your management to CFM (Sophos Central Firewall Manager) which has no options whatsoever. Your log files will be swamped with errors "Failed to send heartbeat from device to SFM"

 

This has been confirmed as a bug by Sophos at their end (in the cloud), yet it was not fixed in MR8 and they don't appear to believe it is a priority nor fixing it anytime soon.

 

We made the mistake of pushing out the firmware upgrade to more than 50 devices by the firewall manager and this has broken the connection across the board, meaning that we will now have to log in to each device manually, switch SFM and put in manual details under Sophos consider this a priority and fix it, at which case we will need to log back in to them all again and switch it back to CFM.

 

Warning to everyone not to upgrade to MR7 if you use Central Firewall Manager.



This thread was automatically locked due to age.
  • 0

    No issues with Manager connecting for us, running either MR7 or MR8.

  • 0 in reply to ken9000

    Interesting. I have at least 50 devices with the same issue.

    When you upgraded, did it change your settings to be like this:

  • 0 in reply to Stuart James

    Even more interesting is that Sophos Support has acknowledged that it is a bug but have no ETA on when it will be fixed.

  • 0

    Still not fixed in v17 and Support say it's still being worked on.

     

    Apparently not being able to remotely manage 50 devices because of a bug they introduced is not a high priority.

  • 0

    Hi Stuart,

    Could you please reply on below queries.

    1) 16.5 MR-6 is the only latest firmware available for distribution via SFM & CFM, so how it could be possible to distribute the firmware SF 16.5 MR-7 via SFM-CFM. If it is the case of SFM than this bug could not be in the cloud. Could you please provide more details on this. 

    2) If you tried to manually upgrade the firmware in SFOS by login into each SFOS devices than in SFOS as well, latest firmware SF 16.5 MR-8 is available, SF 16.5 MR-7 is not available.

    But, yes we can manually download the MR-7 firmware in all SFOS devices via download link and can upgrade all SFOS devices one by one.

    3) And after download the MR-7 firmware via download link and upgrade the SFOS firmware to MR-7 by login into SFOS device, we are not facing this issue, "It will switch your management to CFM (Sophos Central Firewall Manager)" , could you please provide more details on this.

    4) Could you provide me the bug id for this case.

  • 0 in reply to JitendraParmar

    Hi Jitendra, thankyou for your reply.

    1) Sorry you are quite right, perhaps that is the problem?

    2) MR-7 must have been installed manually at the time it was released, same problem occurs in MR-8 and now the problem occurs in 17.

    3) It used to be like this:

     

    After upgrade it is now like this automatically as part of the firmware upgrade, deletes all the settings and breaks the connection by setting to this:



    4) Call number is 7529468 - last update in September:

    We are still awaiting for the permanent fix from our Dev team which is possibly on the version 17 though we do not have confirmation yet. Currently, that is the workaround that was provided.

    We will make sure to provide you an update as soon as possible.

    Regards,

    Alvin Lejao
    Sophos Technical Support

  • 0

    Any update on this case? I still have broken firewalls, even new installs that constantly say "Failed to send heartbeat from device to SFM".

  • 0 in reply to DanielConley

    Hi, this problem was not recreating locally and any customer didn't reported till. As per screenshots it looks before and after upgradation SFOS managed by CFM only not by SFM. Still I am suggesting to upgrade SFOS devices to latest firmware available because SFOS 16.5 MR7 is very old firmware and after that we had SFOS 17.0 and SFOS 17.1 releases on the field.

  • 0

    Still happening 2 years later. iView being smashed with errors. Unbelievable that it hasn't been fixed.