Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Replies 68 replies
  • Answers 1 answer
  • Subscribers 20 subscribers
  • Views 10651 views
  • Users 0 members are here
Options
Suggested

Sophos Firewall: v19.0 EAP2: Feedback and experiences

LuCar Toni

Release Post: https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/b/announcements/posts/sophos-firewall-os-v19-eap-2-now-available

Old EAP1 post: https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/f/discussions/131583/sophos-firewall-v19-0-eap1-feedback-and-experiences

Release Notes: https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/b/announcements/posts/sophos-firewall-v19-xstream-sd-wan

If you occur an potential Bug: Please raise a ticket with the "Feedback" Option in the V19.0 Webadmin! 



Paste error.
[bearbeitet von: LuCar Toni um 9:09 PM (GMT -8) am 5 Feb 2022]
  • 0 in reply to Andreas1202

    Hi,

    there is another thread on the subject that provides the answer, which I will summarise.

    For some strange reason the V19 EAPx software snahges the default CA in the mail tab of the GUI. You will need to change it to your previous selection.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to LuCar Toni

    It certainly helps, I always forget about red when I don't use device red.

    When I commented it was a quick thought of the problem I had that day. So I didn't think it through. Thanks.

  • 0 in reply to rfcat_vk

    Is there any chance for a maintenance patch to support IMAP/S protocols in EAP2? If not, unfortunately I will have to withdraw from testing for now. The EAP1 worked very well in this respect. Even though this is a test environment, I would like to be sure that the basic protection functions are working.

  • 0 in reply to darnoK

    Hi,

    I found the answer to the issue in another thread. Basically v19 EAP2 for some unknown reason changes the XG default certificate used by mail scanning. You need to change to your preferred CA and that should fix the issue.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0

    Since EAP 2 Sophos Central Sync is not working. in central it shows offline and also shows the wrong version listed.

    when i try to turn off central sync on the firewall i get this message

    "Couldn’t apply settings to turn on firewall services from Sophos Central."
  • 0 in reply to Wesley Heydlauff

    Hi,

    you will  need to delete the firewall from CM and then re-register it.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I cannot even turn it off the the firewall side and central says it is not online. Will that work even if it is not talking to central?

  • 0 in reply to Wesley Heydlauff

    Hi,

    yes, you deregister it from CM and then disable on the XG, then restart the XG.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    ok i deregistered from central and the firewall and now it will not longer add. I tried with username and password and it would not work, Tried with OTP and it says credentials incorrect. now i cannot register the firewall back to central.

    exact message with OTP registration

    Couldn't register the firewall with Sophos Central. Verify your Sophos Central credentials.

    when using username password get this

    Temporary error while accessing Sophos Central, please try again
    in centralmanagement.log i get this message
    can't connect to utm.cloud.sophos.com:443 (certificate verify failed)

    LWP::Protocol::https::Socket: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.

    2022-02-24 22:18:36Z INFO API.pm[16369]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error
    2022-02-24 22:18:36Z INFO zt-hub-connect[16369]:107 main:: - ZT: Connecting to Sophos Central HUB [https://utm.cloud.sophos.com/api/utm] failed for the 2 time. Retry in a second.
    2022-02-24 22:18:37Z WARN API.pm[16369]:119 SFOS::Common::Central::API::send_request - 500 Can't connect to utm.cloud.sophos.com:443 (certificate verify failed)
    Content-Type: text/plain
    Client-Date: Thu, 24 Feb 2022 22:18:37 GMT
    Client-Warning: Internal response

    Can't connect to utm.cloud.sophos.com:443 (certificate verify failed)

    LWP::Protocol::https::Socket: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /lib32/perl/site_perl/5.20.1/LWP/Protocol/http.pm line 47.

    2022-02-24 22:18:37Z INFO API.pm[16369]:120 SFOS::Common::Central::API::send_request - HTTP::Request failed due to a SSL verification error
    2022-02-24 22:18:37Z INFO zt-hub-connect[16369]:112 main:: - ZT: Connecting to Sophos Central HUB [https://utm.cloud.sophos.com/api/utm] failed 3 times. Exiting
    2022-02-24 22:18:37Z ERROR Tools.pm[16369]:97 SFOS::Common::Central::Tools::report_status - EAGAIN: Temporary error while accessing Sophos Central or Sophos Central indentity could not be verified.
    2022-02-24 22:18:37Z FATAL central-connect[16382]:59 main:: - Seems that we got called by accident since we are not registered. Exiting.
    2022-02-24 22:18:38Z FATAL central-connect[16386]:59 main:: - Seems that we got called by accident since we are not registered. Exiting.
    2022-02-24 22:19:04Z FATAL central-connect[16526]:59 main:: - Seems that we got called by accident since we are not registered. Exiting.
  • 0 in reply to Wesley Heydlauff

    Hey Wesley,

    you appear to be trying to register to the wrong CM, should be to cloud.sophos.com/......

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?