Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Replies 108 replies
  • Subscribers 29 subscribers
  • Views 17039 views
  • Users 0 members are here
Options
Suggested

Sophos Firewall: v19.0 EAP1: Feedback and experiences

LuCar Toni

Release Notes: https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/b/announcements/posts/sophos-firewall-v19-xstream-sd-wan

Be aware: V18.5 MR2 is not supported to migrate. If you want to upgrade from MR2, do a downgrade to V18.5 MR1. You will loose all configuration changes done in MR2. 

If you occur an potential Bug: Please raise a ticket with the "Feedback" Option in the V19.0 Webadmin! 



Feedback
[bearbeitet von: LuCar Toni um 2:07 PM (GMT -8) am 9 Dec 2021]
Parents
  • 0

    Hi Lucar!

    Good to see "SD-WAN SLA profiles"... it was time!

    Good for "Per-Connection Authentication"  but, what will happen to SATC?

    I'll do some testing to see the new features! Thanks

    P.S.
    Will there be integration with Sophos switches within the SFOS 19 later, or will everything be managed by Sophos Central?

  • 0 in reply to GabrieleD

    SATC is End of Life. Server Protection in Intercept X took over. And this tool will continue to be used. The New feature "Multi Host Authentication" uses the legacy proxy of SFOS and not DPI. So actually this is not the "next generation technology" like Intercept X can utilize. 

    Switch will be integrated into Central, not the Firewall. There is no real use case to do it on the firewall to be honest. Simply because the platform of Central is build to manage multiple products, while a firewall is not. 

    __________________________________________________________________________________________________________________

Reply
  • 0 in reply to GabrieleD

    SATC is End of Life. Server Protection in Intercept X took over. And this tool will continue to be used. The New feature "Multi Host Authentication" uses the legacy proxy of SFOS and not DPI. So actually this is not the "next generation technology" like Intercept X can utilize. 

    Switch will be integrated into Central, not the Firewall. There is no real use case to do it on the firewall to be honest. Simply because the platform of Central is build to manage multiple products, while a firewall is not. 

    __________________________________________________________________________________________________________________

Children
  • 0 in reply to LuCar Toni

    .... OK but If customer hasn't Sophos Endpoint protection? I have to go through Legacy Proxy.

    in SD-WAN SLA profiles can not see SLA based on bandwidth ...

  • 0 in reply to GabrieleD

    Thats correct, that feature is build for migration customers, who does not use Intercept X for what ever reason. But they have to use the legacy proxy. 

    Based on bandwidth does not work in a broader scheme. Because how should the firewall know, whats the available bandwidth? We are looking for the common terms, Packet lost, latency or jitter. Based on bandwidth would mean, we have to stretch to get a "round about number" which are not correct. Only the ISP knows how fast the current connection is "really". 

    __________________________________________________________________________________________________________________

Unfiltered HTML