Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 30 subscribers
  • Views 9000 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Do any users recommend upgrading to V17?

GaryChancellor

I have two sites with Sophos XG135 (SFOS 16.05.8 MR-8) that are stable and running an IPSEC VPN between them. I haven't converted them to RED.

I read several forum issues with V17 and bugs likely fixed in V17 MR-2 coming soon. Should I just wait for MR-2?

 

Regards,

Gary



This thread was automatically locked due to age.
  • 0

    Hi Gary,

    I will recommend you to wait for v17 MR2. There is bug NC-21979 with P1 with IPS/Application Control.

    Bug Description.

    Sophos XG v17 has changed it cloud database for application and web filter from WINGs/WINGc to SXL/SWA .

    Due to different limitations with SFOS and CROS still the database has not yet migrated due to which there are many Applications like Google Maps, Google Images, Dropbox etc are getting blocked. The only work around is to disable web & app filter and microapps discovery.

    Sophos has a very poor QC processor as this bug was already identified during the beta testing by the internal team. If the cloud servers are not ready for v17 SXL/SWA, how can Sophos release v17 to world?

    Regards, Ronak.

  • 0

    I like v17, but I'm not running the same hardware.  I've had so many issues with SSL scanning and streaming videos with UTM and XG, requiring me to put in scanning exclusions for so many video-hosting sites (such as googlevideo.com).  It was getting irritating.  It got to the point where I turned off SSL inspection altogether.  This was finally resolved in v17.

  • 0

    Hi,

    We are having lot of issues with IPSEC VPN in v17 and 17 MR1.We advice you to wait for MR2,look at the feedback and then upgrade.

    We didn't have any issues with SSL inspection though.

  • 0 in reply to Support Chn

    We had to dump IPSEC site to site VPNs with 17.0.1 and use RED, actually a blessing in disguise as once set up it is much better, on a transcontinental link anyway, can't comment on shorter ones where IPSEC might be okay.

  • 0 in reply to CMR

    Thanks. I have considered moving to RED. It wasn't supported when I first set everything up and I haven't had an opportunity to go back and play with it. I lack confidence on XG. I don't know if it is the product or my ignorance, but I am never quite sure if it is going to work as I want it to.

    Regards,

    Gary

  • 0 in reply to Support Chn

    Thanks for the feedback. I took your advice. Still waiting for the results. I may wait another couple of weeks to let the dust settle.

    Regards,

    Gary

  • 0 in reply to JordanM

    I have also had a lot of issues with streaming video escpecially from iTunes - so that is welcome news. I have turned off more scanning than I would like and look forward to fully using the security features as intended. Thanks for the positive feedback.

    Regards,

    Gary

  • 0 in reply to Ronak Sheth

    Ronak,

    I didn't see that bug in the fix list for MR2. Have you been able to confirm if it has been fixed?

    Regards,

    Gary

  • 0 in reply to GaryChancellor

    You're going to need to keep the Apple/iTunes SSL exclusions, regardless of vendor product.  Apple uses certificate pinning and doesn't like their stuff intercepted.  I use McAfee Web Gateways at work and need to keep *.mzstatic.com, *.apple.com and *.itunes.com from being intercepted on both products.