Sophos Firewall release notes (2024)

Version 20.0 MR2 Build 378

Released on July 23, 2024

New features

This page describes the new features introduced. For details, see the Sophos Firewall help.

New Backup-restore assistant

Sophos Firewall release notes (1)

SFOS 20.0 MR2 introduces the new backup-restore assistant and offers greater flexibility in restoring backups. The version also eliminates all practical restrictions.

Backup-restore assistant: The enhanced backup-restore functionality allows you to see and change the default port mapping in the new assistant. The assistant is available for backups from 19.5 MR4 and later versions restored to 20.0 MR2 and later.

Great flexibility: The following features are available for backups from all supported versions restored to 20.0 MR2 and later:

  • Wider model compatibility: You can move from a higher to a lower-capacity appliance model and restore existing backups. For example, you can restore backups from a 1US XG Series firewall model to the desktop XGS 126 model of the more powerful XGS Series firewalls. You can also restore backups among hardware appliances, cloud, virtual, and software firewalls.
  • Change the interface mapping: You can change the default interface mapping and map a physical interface to a different one, including higher-speed ports. For example, you can map a 10 GbE port to a 40 GbE port. You can change the parent interfaces of VLAN and LAG interfaces.
  • High availability ports: You can restore HA backups to devices with fewer or more interfaces. The dedicated HA link can be on a different port in the target device. See the help page Key interface mapping concepts in 20.0 MR2.
  • The release eliminates previous limitations that required the target device to have the same number of interfaces and the same dedicated HA link port as the backup.

Backup-restore links

  • Use the tool to check if you can restore backups between appliance models and platforms. Check compatible devices to restore backups.
  • Watch the video Backup-restore enhancements.
  • See the help page Restore backups to 20.0 MR2.

Other security and flexibility enhancements

  • More transparent AD SSO experience when HSTS is enforced, enabling the Kerberos or NTLM handshake to take place over HTTP or HTTPS.
  • Improved interactions with an Active Directory domain when a high availability failover occurs.
  • Enhanced Web Protection performance with reduced system load when enforcing SafeSearch, YouTube restrictions, Google App login domain restrictions, and Azure AD tenant restrictions.
  • Cipher compliance: You can set your security balance for cipher compatibility or audit compliance (PCI) by customizing the allowed cipher suites. Read the knowledgebase article TLS 1.1 and cipher support in captive portal and web proxy.

Version 20.0 MR1 Build 342

Released on May 15, 2024

New features

This page describes the new features introduced. For details, see the Sophos Firewall help.

Important points to know before you upgrade

SSL VPN compatibility for 20.0 MR1 and later with EoL SFOS versions and UTM9 OS

OpenVPN has been upgraded to 2.6.0 in this version. Firewalls upgraded to 20.0 MR1 and later versions won't establish SSL VPN tunnels with the following clients and firewall versions:

  • SFOS 18.5 and earlier versions (end-of-life): Site-to-site SSL VPNs won't be established between SFOS 18.5 or earlier versions and SFOS 20.0 MR1 and later. We recommend that you upgrade both firewalls to 20.0 MR1 and later versions at the same time. Alternatively, you can use site-to-site IPsec or RED tunnels.
  • Legacy SSL VPN client (end-of-life): Remote access SSL VPN tunnels won't be established with the legacy SSL VPN client, which is already end-of-life. You can use the Sophos Connect client or third-party clients, such as OpenVPN client, or use remote access IPsec tunnels. See Remote access SSL VPN with the Sophos Connect client. See Remote access IPsec VPN.
  • UTM9 OS: Site-to-site SSL VPNs won't be established between UTM9 OS and SFOS 20.0 MR1 and later versions. We recommend that you migrate these to 20.0 MR1 and later versions. Alternatively, you can use site-to-site IPsec or RED tunnels.

For site-to-site IPsec tunnels, see Route-based VPN. For RED tunnels, see Site-to-site RED tunnel.

End-of-life RED devices

20.0 MR1 and later versions won't support the following legacy RED devices: RED 15, 15w, and 50. They have been declared end-of-life in 2023. For more details, see the article Sophos RED: End-of-life of RED 15/15(w) and RED 50.

LINCE certification

You can configure the following Sophos Firewall platforms to use a cryptography library that meets Spain's National Essential Security Certification (LINCE):

  • XGS series hardware appliances
  • Cloud, virtual, and software firewalls

For more details, see the help page National Essential Security Certification (LINCE).

Device access and Local service ACL exception rules

Device access: This release offers enhancements to the device access grid for access from zones to certain services. The grid has also been grouped to offer intuitive configurations and granular control:

  • IPsec and RED: IPsec and RED services are available on Device access to allow or block traffic based on zones. For example, you can block access to RED service from WAN while allowing access from other zones.
  • VPN services: IPsec, SSL VPN, VPN portal, and RED are grouped under VPN services.

Local service ACL exception rule:

  • List view: The list view of exception rules provides detailed information, such as source, destination, service, and action, with full visibility into the rules, eliminating the need to open the rule to check information.
  • Services: All the services in the device access grid are now available under services in the exception rule, including RED and IPsec services, offering granular control. For example, you can create an exception rule to allow or block VPN on a specific interface when the service is allowed from WAN. You can also specify the country and IP address, dropping VPN requests from specific countries, such as China, and allow VPN traffic from known FQDNs. The additional services available in exception rules are AD SSO, RADIUS SSO, Captive portal, Client authentication, Chromebook, Wireless, SMTP, SNMP, RED, and IPsec.
  • Additional object types: The object types, FQDN host, FQDN host group, MAC address, and MAC address list, are available for selection in source and destination hosts, eliminating the need to update dynamic IP addresses in local ACL exception rules.

SD-WAN enhancements for scalability

  • Scalability: This version brings 4x improvements in the gateway availability time during HA failover and device restart, ensuring minimal traffic disruption.
  • Detailed information view: SD-WAN routes show important gateway information, such as IP address, interface, and name, when you hover over the gateway while configuring the route.

VPN enhancements

SSL VPN

  • OpenVPN 3.0: Sophos Firewall is now compatible with OpenVPN 3.0 clients. Users can download the compatible configuration file from the VPN portal.

IPsec VPN

  • Phase I ciphers: The GCM suite-B ciphers, AES256GCM16, AES192GCM16, and AES128GCM16, are available for Phase I IKEv2 tunnels, offering better throughput and greater interoperability with third-party devices.
  • System-generated traffic: CLI commands are available to prevent system-generated traffic from flowing through policy-based IPsec tunnels when the remote subnets are set to Any. For details, see the routing commands.
  • The firewall now uses the upgraded strongSwan version 5.9.11.

DHCP enhancements

  • IPv6 DHCP prefix delegation: The firewall requests the preferred prefix from the ISP each time you update the interface configuration or when the firewall restarts.
  • DHCP lease time: DHCP clients will make renewal requests at 30 seconds if the lease interval's half-time is 30 seconds or less, ensuring continuous WAN connectivity.
  • Boot options: DHCP now supports boot server and boot file options in the DHCP header. You can also continue to send the parameters through specific DHCP options to provision network devices.

Logging enhancements

  • Download log files: You can download individual log files from the web admin console on the Diagnostics page under Troubleshooting logs. The Consolidated Troubleshooting Report (CTR) continues to have all the log files.
  • Default log lines in CTR: The default number of log lines for log files in the Consolidated Troubleshooting report is now 10,000.
  • Syslog delimiter: You can customize the delimiter in syslog event messages, offering flexibility in managing log data.

True Zero Touch configuration

TPM-based True Zero Touch is available to remotely deploy firewalls in branch offices through Sophos Central. You'll specify the firewall configuration in Sophos Central. The remote firewall administrator connects the firewall to the internet and turns it on. The firewall connects to Sophos Central, downloads and applies the configuration, and then registers with Sophos Central. For more details, see the Sophos Central help.

RED

SD-RED now supports bridge configuration for WAN interfaces with the RED tunnel.

Other enhancements

  • Generative AI assistant: The firewall now provides assistance using Generative AI through Sophos Assistant with dynamic help and configuration steps.
  • Automatic language detection: The web admin console and user portal automatically select and store the browser's preferred language for languages the firewall supports, offering a seamless sign-in experience.
  • Custom gateways: Custom gateways now support the link-local address.
  • Data optimization in Synchronized Application Control: The firewall only retains the recent five occurrences for each application detected by SAC per endpoint.
  • IPv4 internet host group: Updated the default public IPv4 host ranges to contain all the public IPv4 address ranges.
  • Object descriptions: Added description fields for IP, MAC, FQDN, and service objects.
  • Country list: Updated the country list.
  • Web: In the web proxy, we've refined the Pharming protection feature to address a potential vulnerability arising from modifications to the destination IP address during proxy DNS resolution. With the updated behavior, the firewall policy will now undergo re-evaluation using the DNS-resolved IP address from Pharming protection.
  • XML API: 20.0 MR1 and later versions don't support the XML API version for the end-of-life versions 17.5 and 18.0. If the APIVersion tag you use shows old versions, change the tag to the supported API versions.

Version 20.0 GA Build 222

Released on November 06, 2023

New features

This page describes the new features introduced. For details, see the Sophos Firewall help.

Active threat response

Active threat response integrates Managed Detection and Response (MDR) threat feeds with Sophos Firewall. Synchronized Security extends to Active threat response, enabling the firewall to automatically shut down active threats in the network.

MDR threat feeds

Active threat response brings the MDR service to Sophos Firewall through MDR threat feeds. Security analysts from the Sophos MDR team (or your XDR SOC team in the future) can share threat intelligence related to your network, pushing active threat information in real time to the firewall. Based on the threat feeds, the firewall automatically blocks traffic, including DNS requests and HTTPS traffic, from any host in the network that tries to communicate with malicious IP addresses, domains, or URLs. Additional rules and policies aren't required for the Active threat response action. Watch the video Active threat response with MDR threat feeds.

Synchronized Security: Active threat response extends Synchronized Security with its automated response based on RED Security Heartbeat to MDR threat feeds in the firewall. Based on the threat feed, the firewall automatically queries any Sophos-managed endpoint attempting to communicate with malicious servers for additional information, such as the host, user, and process, which enables you to determine any Indicators of Compromise (IoC). It prevents compromised endpoints from moving laterally or communicating outward, shutting down active threats in the network.

The release enhances Synchronized Security with added scalability and reduced false missing heartbeats for endpoints in sleep or hibernate status.

Dynamic threat feeds

Sophos X-Ops threat feeds: Advanced threat protection has been renamed Sophos X-Ops threat feeds. It offers periodic updates of threat feeds from SophosLabs.

Extensible framework for dynamic threat feeds: Active threat response introduces a new extensible API framework for dynamic threat feeds in the firewall. The framework enables the following threat intelligence to be shared with the firewall:

  • Sophos products and services, such as Sophos X-Ops and MDR threat feeds.
  • Third-party threat feeds in a future release.

Network scalability and resiliency for distributed enterprises

The release offers VPN, IPv6, and SD-WAN enhancements with scalability, security, and interoperability.

VPN enhancements

  • VPN portal: A new, hardened, and highly secure, containerized self-service VPN portal is available for remote access VPN users. It contains remote access downloads, such as the Sophos Connect Client and configurations, and performs auto-provisioning for remote access VPN connections. It also contains clientless VPN bookmarks.

    These services are no longer available in the user portal, minimizing the need to expose the user portal to WAN and tightening its security. To maintain compatibility, the VPN portal is available by default on the previous user portal port (443). It can share a common port with WAF or SSL VPN. The user portal now uses port 4443 by default. See the help for Port sharing among services.

    For migration details and how port settings apply from Sophos Central, see the knowledge base article New VPN portal in SFOS 20.0 and later.

  • FQDNs in SSL VPN: Fully qualified domain name (FQDN) host and group support is available for remote access and site-to-site SSL VPNs. You can select these under permitted, local, and remote networks.
  • IPsec VPN:
    • Stateful HA failover: Seamless transition for route-based, policy-based, and remote access VPNs without losing tunnel connectivity during high-availability failover. Also supports seamless connection failover for stateless protocols with minimal packet loss.
    • SNMP monitoring for tunnel status: Added MIB entries to monitor the following IPsec VPN tunnel statuses through SNMP: activate, deactivate, connected. You can download the new MIB file from the web admin console.
    • Multiple remote gateway support for route-based VPN: You can enter a wildcard address (*) for the remote gateway in route-based VPNs. This eliminates the need for explicit DDNS or FQDN configuration in dynamic gateway IP deployments.
    • Unique preshared keys: You can have unique preshared keys (PSK) for VPN connections with the same local and remote gateway settings if you use IKEv2 profiles and configure a unique set of local and remote IDs.
    • DH groups 27 to 30: DH groups 27 to 30 are available for IKEv2 IPsec profiles based on RFC 6954.

Watch the video VPN enhancements.

IPv6 DHCP prefix delegation and BGP, SD-WAN

  • IPv6 DHCP prefix delegation: Seamless integration with DHCP prefix delegation by ISPs for internal networks. This automates the assignment of IPv6 prefixes to internal subnets, simplifying network setup and reducing manual configuration. Watch the video DHCP prefix delegation.
  • BGP IPv6: Enhancements to the dynamic routing engine now support BGPv6 for improved IPv6 interoperability. Watch the video IPv6 dynamic routing in Border Gateway Protocol.
  • SD-WAN scalability: Increased scalability for SD-WAN gateways by 3 times to 3072 gateways and the number of SD-WAN profiles to 1024.

SASE and remote worker protection

In cloud-hosted network security services delivering key remote worker and branch office protection capabilities, ZTNA, SD-WAN, and DNS protection have been integrated into Sophos Firewall (both on-premise and cloud-hosted).

  • ZTNA Gateway: Sophos ZTNA Gateway is now available in Sophos Firewall, greatly simplifying ZTNA deployment. You can use ZTNA as a replacement for remote access VPN with higher security, seamless scalability, easier management, and a more transparent end-user experience.
    • Direct integration in Sophos firewall: The ZTNA gateway is directly integrated into the firewall, eliminating the need for a separate gateway on a VM for remote access to systems and applications hosted behind the firewall. You don't need to deploy additional applications on your network to support ZTNA secure access. You only deploy a single agent on the remote endpoint.
    • Free trial: ZTNA free trial is available in Sophos Central. You can use this trial to explore ZTNA and manage the firewall or internally hosted systems and applications with high security.
  • SD-WAN backbone on-ramping: We built SD-WAN partnerships with top-tier SD-WAN backbone providers to enable smooth and easy on-ramping of local SD-WAN traffic to these high-performance global networks. Sophos Firewall connects seamlessly to these networks, enabling high-performance connectivity and routing, as well as access to their SASE security services. These SD-WAN backbone providers are as follows:
    • Akamai SIA integration: With the Akamai Secure Internet Access (SIA) integration, you can on-ramp traffic from Sophos Firewall to Akamai SIA SSE (Security Service Edge) using redundant and resilient SD-WAN over route-based IPsec VPN tunnels. For configuration details, see the recommended read Connect Akamai SIA and Sophos Firewall.
    • Cloudflare Magic WAN integration: You can on-ramp traffic from Sophos Firewall to CloudFlare Magic WAN using redundant and resilient SD-WAN over route-based IPsec VPN or GRE tunnels.​ For configuration details, see the recommended read Connect Cloudflare Magic WAN and Sophos Firewall.
    • Azure Virtual WAN: Integration with Azure Virtual WAN offers Sophos Firewall protection to applications and network traffic flows along with scalable SD-WAN connectivity to deploy the Microsoft Global Network as a secure enterprise WAN backbone. For configuration details, see the recommended read How to Integrate Sophos Firewall with Azure Virtual WAN (Secure SD-WAN).
  • Sophos DNS protection: Sophos Firewall fully supports the upcoming release of Sophos DNS protection, a new cloud-delivered web security service. Sophos DNS Protection delivers a new domain name resolution service (DNS) with compliance and security features hosted by Sophos. The service provides an additional layer of web protection, preventing access to known compromised or malicious domains across all ports, protocols, and applications, including encrypted and unencrypted traffic.

    The new Sophos DNS protection service will soon be available for early access.

Quality of life enhancements

  • Turn interfaces on or off: Turn interfaces on or off while retaining their configurations. The turned-off status appears on the Control center.

    You can't turn off alias or tunnel interfaces and members of a LAG or bridge interface, but you can turn off the entire LAG or bridge interface.

  • Object reference lookup: You can see the usage count of all host and service objects and the list of all locations where the object is in use, such as in rules, policies, and routes. You can edit or remove objects from the object list without going to the location for many locations.
  • High resolution for web admin console: The web admin console now uses a high-resolution display, delivering a scalable user interface. Tables use the Full HD width (1920 pixels) to show more information, reducing the need to scroll horizontally.
  • Automatic rollback for failed firmware updates: If a firewall, including high-availability devices, can't complete a firmware upgrade, the firewall (or the cluster) is automatically rolled back to the previous firmware version. An alert appears in the Control center.
  • Backup-restore: You can restore backups from a firewall with integrated Wi-Fi to a firewall without integrated Wi-Fi. You must remove the wireless networks in the firewall before taking the backup.
  • Microsoft Entra ID (Azure AD) SSO: Watch the video Captive portal SSO and group import.
    • Captive portal: Microsoft Entra ID (Azure AD) SSO now supports user authentication through the captive portal. Version 19.5 added Azure AD SSO authentication for the web admin console.
    • Import groups: You can use the new import assistant to import all Microsoft Entra ID (Azure AD) groups or those that match the attributes you specify from Azure Portal. This eliminates the need to create groups manually in the firewall.
    • Automatic Azure RBAC: Introduces Role-based Access Control (RBAC). If you change a user's role in Azure Portal, the firewall automatically applies their new role when they next sign in. It also applies the profile and privileges that apply to the new role.

Watch the video Quality of life enhancements.

Web Application Firewall (WAF)

  • Geo-IP policy enforcement: You can block users from accessing resources protected by WAF from the countries you specify or IP addresses that can't be associated with a specific country.
  • Custom ciphers and TLS version settings: Enables the use of more secure ciphers while excluding less secure ciphers.
  • Improved security: Adds HTTP Strict Transport Security (HSTS) for HTTPS enforcement in the client (browser) and X-Content-Type-Options enforcement to provide MIME-type sniffing protection.

Azure enhancements

Azure Single Arm Deployment Support: For Microsoft Azure public cloud deployments, you can choose a smaller instance size with single arm deployments and save your infrastructure costs. This reduces network and operational complexity.

Resolved issues

Version 20.0 MR2 Build 378

Fixed issues, listed by ID, description, explanation and Workaround.
Issue ID Component Description
NC-131391 Authentication L2TP authentication isn't working with Windows Automatic Logon enabled in VPN adapter.
NC-132907 Authentication Access server coredump user disconnection.
NC-127665 CDB-CFR, CM Firewall shows disconnected status on Sophos Central after the firewall restarts.
NC-136645 Certificates Certificates from Starfield Secure Certificate Authority - G2 were untrusted in 20.0 MR1.
NC-127253 Clientless Access HTTP Host header injection in VPN portal.
NC-132845 CSC Log viewer shows a blank username field when a user is deleted in virtual firewall.
NC-130879 DHCP DHCP relay fails intermittently, and clients no longer receive an IP address. Changing the DHCP relay configuration makes it work again.
NC-136246 DHCP DHCP server doesn't start when Boot options are configured with URL.
NC-126576 Email Greylisting doesn't work.
NC-128229 Email Turning on SPF check isn't an option to block spoofed emails of the internal domain.
NC-131106 Email Inbound email isn't delivered to the mailbox when SMTP scanning is on in legacy mode.
NC-132557 Email HA synchronization issue for email encryption SPX template.
NC-133157 Email Unable to send backups using Amazon SES.
NC-135882 Email Regression in IMAP proxy.
NC-134783 Firewall Unable to see IP Host or MAC host in the firewall.
NC-136153 Firewall Local ACL exception rule doesn't work for SMTP relay.
NC-136681 Firewall Unable to access the web admin console of remote firewall with site-to-site VPN using NAT.
NC-125024 Firmware Management Incorrect pop-up message while updating a standalone HA device.
NC-131100 Firmware Management SNMP server shows 100 percent /tmp/npu_diag usage.
NC-132862 Firmware Management SSH Terrapin prefix truncation weakness (CVE-2023-48795).
NC-135340 Firmware Management Restrict parallel firmware upgrade flows.
NC-130404 HA License issue in auxiliary device in active-passive HA pair.
NC-135699 HA Firewall web admin console doesn't respond on HA page.
NC-133495 Interface Management Can't turn off Port1 if web admin console language is set to German.
NC-136619 Interface Management udhcpc isn't sending a renew request with a low lease time of 40 seconds.
NC-132542 IPS-DAQ Memory allocation failure in jumbogram causes IPS log to grow in GBs.
NC-135467 IPsec Unable to connect IPsec tunnel when the port is turned off, and the local gateway is changed to an active port.
NC-136651 IPsec] Charon high CPU for IPsec passthrough traffic.
NC-133699 Localization German language errors in the firewall.
NC-129242 Logging Framework Notification plugin reconfiguration failure causes crash in fca_output.
NC-136693 Logging Framework Control center doesn't show bandwidth utilisation by interfaces.
NC-133375 Logging Framework (Central Reporting) Garner doesn't respond.
NC-128941 NFP-Firewall, XGS-IPsec Traffic doesn't flow through IPsec tunnel when ipsec-acceleration> is on.
NC-137333 Service Object Missing entries for Services on web admin console after changes were made.
NC-132821 Static Routing Staticd service stopped after upgrading the device to 19.5 MR4.
NC-135342 SupportAccess Support access isn't working after a restart.
NC-131365 UI Framework DNS server IP address in DHCP server configuration changes unexpectedly in the XG web admin console.
NC-131782 WAF After a second HA failover, GeoIP settings in WAF rules are lost.
NC-100895 Web Unable to remove URL from web category when URL contains "\" backward slash character.
NC-113504 Web Unable to add a second URL with the same parent domain.
NC-115849 Web Zero-day protection page doesn't load if filename ends in percent.
NC-131685 Web HTTPS error 502 while browsing URL cosmopolitan.com in legacy web proxy mode due to trailers.
NC-131687 Web HTTPS error 502 while browsing URL scottdirect.com in legacy web proxy mode because header size was greater than 8k.
NC-128897 WebInSnort Previously allowed applications get blocked.
NC-132126 Wireless Wi-Fi separate zone doesn't match the firewall rule.
NC-131582 XGS BSP No traffic except on the management port after a restart.
NC-132065 XGS BSP SFP ports don't respond after an upgrade to 20.0.

Version 20.0 MR1 Build 342

Fixed issues, listed by ID, description, explanation and Workaround.
Issue ID Component Description
NC-77828 API Framework Unable to import user activity that contains web categories with special characters.
NC-122760 AppFilter Policy Unable to update or push app filter policy from Sophos Central.
NC-120582 Authentication Updated the log message for brute force sign-in event.
NC-120484 WebInSnort Firewall stops responding because of out-of-memory issue.
NC-120875 Authentication AD group import fails when username has special characters.
NC-121619 Authentication Admin access to the web admin console gets blocked after two wrong attempts when MFA is on.
NC-124603 Authentication When the primary user group ID is greater than 9999, captive portal disconnects within 5-10 seconds of signing in.
NC-124684 Authentication Static IP address isn't released sporadically for SSL VPN users.
NC-127830 Authentication RADIUS users who aren't part of VPN group are able to connect to SSL VPN.
NC-128138 Authentication Captive portal with custom code isn't working properly.
NC-131097 Authentication When the AD server connection flaps, ldap_bind blocks for 30 minutes, resulting in time-out and failure of new authentication requests.
NC-131290 Authentication Web admin console sign-in error when Azure AD SSO is used: Firewall is starting.
NC-125264 Azure Firmware upgrade of SFOS on Azure to 20.0 GA fails and results in a single NIC if it was configured with three or more NICs.
NC-124919 CDB-CFR, CM, CM (Zero Touch) Firewall's web admin console shows the ZT and CZT wizard even after ZT and CZT are completed because nvram flag isn't reset.
NC-119857 CM Firewall's Web admin console stops responding on the Sophos Central page.
NC-124391 CM VPN tunnel flaps between the firewall and a third-party firewall.
NC-129249 CM, Core Utils Fixed vulnerabilities in libssh2 CVE-2023-48795 for Sophos Central services. Upgrade to SFOS 20.0 MR2 for the full fix to all firewall services.
NC-127120 Core Utils Fixed NPU log error.
NC-126965 DHCP Firewall stops logging DHCP logs, and Garner service doesn't respond and can't be restarted.
NC-128820 DHCP DHCP server configured with relay agent request with All interface selection doesn't work after migration or restoring a backup.
NC-129171 DHCP DHCP stopped working after upgrade from 19.5.3 to 20 GA.
NC-117690 DHCP DHCP Next server and Boot file ignored PXE Boot DHCP options 66 and 67.
NC-116339 Wireless Hostapd service stops responding after wireless network is added to the access point group.
NC-126738 Interface Management HA isn't established with VLAN over unbound interface as dedicated link.
NC-125076 Dynamic Routing (BGP), Dynamic Routing (OSPF) Zebra continuously restarts when configuration contains a gateway IP address that's actually the broadcast IP address.
NC-120967 Email Inbound and outbound emails are delayed after firmware is upgraded to 19.5.2.
NC-121980 Email Users receive duplicate emails.
NC-122260 Email Two email addresses in Return-Path: and From: Header after you release and report emails from Quarantine digest in SFOS 19.5.1 and 19.5.2.
NC-123889 Email High CPU usage by warren after upgrade to 19.5.3.
NC-124266 Email Notification emails are getting stuck in mail spool when there is smarthost with RED tunnel setup.
NC-124453 Email Not able to see, release, or delete emails from SMTP quarantine.
NC-125084 Email DKIM isn't working as expected.
NC-133277 Email, WAF UX issue for DH group in IPsec profiles.
NC-119893 Firewall SFOS is accessible to requests from another network for network and broadcast IP addresses.
NC-123538 Firewall MAC filter spoof check doesn't work. SPOOF_CHECK chain entry is missing.
NC-123249 Wireless Access points remain offline if device is restarted after turning off the Wireless Protection option.
NC-124012 Firewall NAT rule isn't marked even after an upgrade to 19.5.3.
NC-124251 Firewall RED service doesn't respond.
NC-124551 Firewall Firewall rules don't work after upgrade from 18.5.3 to 19.5.3.
NC-127532 Firewall Logviewer shows source IPv6 address in dst_trans_ip field for IPv6 hairpin NAT.
NC-120434 Firmware Management Discrepancy in HA role status.
NC-125791 Firmware Management High SWAP memory issue for a virtual appliance.
NC-132224 Firmware Management Upgrade to 20.0 failed on XGS 87 with Invalid firmware error.
NC-118929 HA msyncd stops tracking events and doesn't start tracking again.
NC-120730 HA HA failover results in missing configurations.
NC-124105 HA Configuration changes show the following error: The Operation will take time to complete. The status can be viewed from the Log viewer page.
NC-128183 Hardware Flexi module port doesn't work on XGS 2100 after the firewall restarts.
NC-122885 Import-Export Framework Unable to export user configuration in 20.0.1.
NC-124721 Interface Management Firewall stops responding and requires a restart.
NC-133495 Interface Management Can't turn off Port1 if the web admin console language is set to German.
NC-119561 IPS-DAQ Inject buffer leak causes traffic outage.
NC-124957 IPS-DAQ FIN and RESET packets leave WAN interface with LAN IP address information.
NC-125294 IPS-DAQ-NSE Firewall drops reset packet in LAN-to-LAN communication when DPI is on.
NC-130365 IPS-DAQ-NSE Slower download speed for TLS-inspected traffic from some servers.
NC-121370 IPsec Memory usage of XG 230 has been increasing since it was upgraded to 19.5.1-Build 278.
NC-123233 IPsec IPsec SA establishment is sporadically interrupted.
NC-123230 Wireless LocalWiFi status isn't correctly reflected on the access points page.
NC-124464 IPsec strongSwan service fails to start after HA failover.
NC-127177 IPS Engine IPS logs aren't generated in Log viewer.
NC-125251 IPS Ruleset Management Count issue related to firewall rules with IPS for read-only administrator profile.
NC-68574 Logging Framework Logs with Central Reporting enabled are sent to unreachable syslog server at 127.0.0.1.
NC-117777 Logging Framework Network traffic report calculation shows different values at different times.
NC-118327 Logging Framework Syslog format Standard Syslog Protocol logs with key log_id as both number and string.
NC-122033 Logging Framework WAN interface graph shows incorrect values for historical data collected five minutes before or after the hour limit.
NC-123602 Logging Framework /conf partition gradually increases in XG 86 and XGS 87.
NC-123771 Logging Framework (Central Reporting) Central Report hub doesn't show the past 24-hour statistics from the firewall because SFOS sends reports to Sophos Central at a low rate.
NC-124987 NFP-Firewall Access to remote network over IPsec VPN stops. Packet capture mitigates the issue.
NC-125112 NFP-Firewall RED tunnel down in 19.5.3. Turning off firewall acceleration resolved the issue.
NC-128656, NC-128159 nSXLd, CM nSXLD times out when the first two DNS servers aren't reachable and the third DNS server is reachable.
NC-133022 nSXLd Fixed the "invalid traveller type" error.
NC-115843 PPPoE Scheduled PPPoE reconnect doesn't work.
NC-115457 XGS BSP Fiber interfaces are taking more time to negotiate in XGS than in XG.
NC-128072 PPPoE Missing PPPoE logs.
NC-123969 RED Primary device automatically restarts and fails over to the auxiliary.
NC-126941 RED For site-to-site RED from XG 106, client doesn't automatically reconnect after the tunnel goes down.
NC-130949 RED Some RED devices went down after firewall firmware was downgraded from 20.0 to 19.5.3.
NC-122948 SDWAN Routing Garner logs are full with SD-WAN route gateway resolution message.
NC-126363 SDWAN Routing A firewall rule isn't matched occasionally.
NC-127524 SDWAN Routing SD-WAN route and default MASQ are applied to system-generated traffic for policy-based IPsec VPN.
NC-124588, NC-124590 SecurityHeartbeat, LCD Framework Certain heartbeat opcodes are always called with the debug details even though csc isn't in debug mode.
NC-129618 SecurityHeartbeat Heartbeat service dead due to malformed MAC address.
NC-123237 SSLVPN Grammar error on the web admin console for route-based VPN connection.
NC-123723 SSLVPN XG 86w doesn't reconnect SSL VPNs after a restart.
NC-124647 SSLVPN Unable to connect to SSL VPN after firmware was upgraded to 19.5.3.
NC-128468 SSLVPN Unable to generate the .ovpn file because of missing server_dn in tblsslvpnglobalconf when custom certificate is used.
NC-128469 SSLVPN Some AD users are unable to download the SSL VPN configuration file from the user portal.
NC-130692 SSLVPN Special characters are replaced with encoded values.
NC-130938 SSLVPN More certificates in .ovpn file than before upgrade.
NC-131180 SSLVPN SSL VPN remote access resources become inaccessible.
NC-118599 Static Routing Static route configuration must prevent configuration of the interface IP address as gateway IP address.
NC-120986 Static Routing When HA is disabled, the previous auxiliary isn't able to update its firmware because of Zebra CLI backend routes.
NC-119425 Synchronized App Control Garner log filled with "usercache_output: cannot resolve appcatid 0".
NC-119289 Wireless Hotspot voucher shows SSID WLAN password after removing SSID encryption from wireless network settings.
NC-79314 UI Framework UX issue on SD-WAN profiles.
NC-118925 UI Framework Failed to restore backup if the backup file name has & in the prefix.
NC-118913 Wireless AP firmware isn't automatically updated after AP pattern update.
NC-123712 UI Framework Web admin console stops responding.
NC-124188 UI Framework Fixed HTTP Host Header Injection in the user portal.
NC-124909 VFP-Firewall Firewall automatically restarted.
NC-124519 WAF Form-based authentication doesn't work after upgrade from 19.5.2 to 19.5.3.
NC-125102 WAF WAF outage several times a day due to a coredump.
NC-130528 WAF Missing WAF parameters in XML API.
NC-130684 WAF Unable to update WAF rule after updating the certificate.
NC-130710 WAF Can't upgrade to 20.0 if a rule template exists with the same name as a new template name.
NC-81555 Web Removing all domains or keywords from a custom category doesn't work.
NC-124040 Web Unable to get proper "Web activity category" report under "Blocked Web attempts".
NC-125115 Web awarrenhttp doesn't start if nasm isn't running.
NC-127260 Web Continuous coredumps are generated.
NC-128631 Web Network outage when downloading files with .hpi extension.
NC-128520 Wireless Unable to restore backup from XG 135w to XGS 2100.
NC-131591 Web awarrenhttp must reconnect to nSXLD after a time-out.
NC-118893 WebInSnort WebInSnort logs RSA key size 3072 as key_param="RSA unknown type" in Log viewer.

Version 20.0 GA Build 222

Fixed issues, listed by ID, description, explanation and Workaround.
Issue ID Component Description
NC-125331 Authentication Azure AD SSO captive portal authentication is stuck when the web proxy listening port isn't 3128.
NC-125589 DHCP, DHCP PD On-link and autonomous settings are turned off in automatically created RA server for delegated interface.
NC-125595 DHCP, DHCP PD Incorrect error message when creating downstream interface with invalid subnet ID.
NC-124414 Email SPX password exposure in plain text (CVE-2023-5552).
NC-125369 Email Exim libspf2 vulnerability (CVE-2023-42118).
NC-125221 RED RED doesn't establish site-to-site tunnels when RED server enforces TLS 1.2.
NC-119334 Backup-Restore The backup download button is unresponsive.
NC-118460 Dynamic Routing (PIM) Clicking PIM-SM interface table shows the error "Unable to read routing information".
NC-116220 Email Awarrensmtp was in failed status, and inbound email wasn't delivered, but a non-delivery report wasn't sent to senders.
NC-117638 Email Emails are quarantined even if the sender address is added in exception.
NC-124102 Email Unable to turn off legacy TLS protocols.
NC-107708 Firewall Firewall restarts automatically (RIP 0010muser_match+0x747).
NC-120016 Firewall Local ACL doesn't work when the name contains the backslash character.
NC-113034 Hardware Lost device access to XGS appliances, and logs aren't available.
NC-116002 IPsec, SDWAN Routing Branch office users unable to receive an email, mail is slow, IPsec traffic is slow.
NC-122180 Licensing Unable to access web admin console due to license synchronization issue.
NC-122699 nSXLd Adding a trailing period at the end of the domain bypasses web policies.
NC-122511 RED Vulnerability detected on port 3400.
NC-119192 VFP-Firewall Slow speed using Virtio NICs.
NC-119052 WAF WAF protection policy's display issue on the web admin console.
NC-121432 WAF The /tmp directory doesn't remove files and runs out of space, causing AV scan failure.
NC-121415 Web AVD stops responding after a pattern update because a thread isn't released.
NC-119829 WWAN Verizon Mifi 4G USB modem (U620L) doesn't work after an upgrade to 19.5 MR2.
NC-114104 AppFilter Policy Application filter policy set to block all applications loses risk criteria when the template is pushed from Sophos Central.
NC-107481 Authentication Log viewer doesn't show the source IP address for authenticated SSL VPN users.
NC-110927 Authentication Missing logs for MFA enable-disable events.
NC-113532 Authentication Can't remove authorizers from the data anonymization setting.
NC-114057 Authentication Match known users option in firewall rule drops traffic because user identity isn't being marked.
NC-114950 Authentication View usage doesn't work when the username has a single quote, and web admin console stops responding.
NC-116602 Authentication Log viewer doesn't show the source IP address when authentication fails for SSL VPN Users.
NC-116880 Authentication When two-factor authentication is on, SSH keys disappear if they're added by an administrator other than the default admin.
NC-116881 Authentication Uploading a certificate when the admin signs in through Azure AD SSO results in a sign-out.
NC-119049 Authentication access_server stops responding due to missing nsgencode multi-thread support.
NC-119183 Authentication Transaction failure for eDirectory authentication server.
NC-119560 Authentication Mandatory firmware update through the setup assistant causes the initial setup to start repeatedly.
NC-94533 Certificates Attribute challenge password prevents the issue of a certificate with No-IP.
NC-119825 Certificates Unable to download the default certificate from Web > General Settings. Results in a sign-out when admin clicks the download button.
NC-102256 Clientless Access VNCFreeRDP stops responding.
NC-108378 Clientless Access Clientless access doesn't work if name contains an umlaut character.
NC-114627 Clientless Access Unable to connect to RDP over clientless SSL VPN if the username contains a space.
NC-115982 CM Alert appears in Sophos Central. "Firewall has not checked in with Sophos Central for the past 5 minutes".
NC-116312 CM Garner thread stuck in Central Management plugin.
NC-118749 CM Specific API call doesn't work.
NC-119198 CM Unable to change the password for admin accounts from Sophos Central Firewall Management.
NC-120519 CM Disable Central Management doesn't work per the firewall's API document.
NC-108562 Core Utils Public key authentication for admin can't be managed through Sophos Central.
NC-117314 Core Utils SWAP memory usage full.
NC-107388 DDNS DDNS logs appear every five minutes.
NC-111790 DHCP Unable to configure or edit interfaces.
NC-113102 DHCP Unable to add static MAC entry for specific DHCP pool.
NC-109623 Dynamic Routing (BGP) BGP-FRR doesn't advertise the configured networks if they aren't available in RIB.
NC-115369 Dynamic Routing (OSPF) OSPF repeatedly flaps when running continuous scan with ICMP echo.
NC-112492 Dynamic Routing (PIM) PIMD service doesn't respond.
NC-107283 Email Awarrensmpt service doesn't respond.
NC-108237 Email Spam emails are allowed with the error "spam scanning failed, unable to connect local antispam".
NC-108450 Email Inbound forwarded emails with attachments aren't delivered because of malware scan failure.
NC-109625 Email Inbound emails from specific domains are quarantined because of DKIM verification failure.
NC-110897 Email Error logs when using Sophos as AV in web server protection policy.
NC-111023 Email Legacy email mode stops responding frequently.
NC-112128 Email Release link settings can't be saved in quarantine digest.
NC-113038 Email Mail communication stopped working after upgrading to 19.5 GA.
NC-113458 Email MIME type recognition issues when Zero-day protection is turned on.
NC-113547 Email Invalid IP address causes error for notification mails.
NC-116845 Email Fix occasional UT error in mailpoller.
NC-116899 Email Attachment is allowed even if it's blocked in extension or MIME header.
NC-117881 Email Antispam service stops responding.
NC-120138 Email EmailUtilityis_valid_messageid is too strict.
NC-101846 Firewall Connections fail due to a high number of www in FIN_WAIT.
NC-108536 Firewall Firewall rules stopped working after backup-restore due to failure of XML API through which the firewall rules were created.
NC-109201 Firewall Device goes into Failsafe mode after upgrade. Unable to apply firewall framework.
NC-112136 Firewall RED connection interrupted when firewall acceleration is turned on in XG 310.
NC-116527 Firewall Entities.xml shows a firewall rule that doesn't appear on the web admin console.
NC-116890 Firewall NAT rule doesn't get marked after the firewall restarts.
NC-116939 Firewall Pktcapd bpf filter causing device restart (___bpf_prog_run).
NC-117063 Firewall Allowed child connection is logged as dropped.
NC-118204 Firewall, SDWAN Routing Static multicast packet changes reply destination when SD-WAN policy is applied.
NC-85114 Firmware Management kworker process continuously uses high CPU on XG 450.
NC-109689 FQDN Adding a new FQDN host causes the resolver to restart or stop responding and causes DNS resolution failure during the time.
NC-111423 FQDN FQDN resolving with low TTL (2-5 seconds) is creating an issue with wildcard FQDN host.
NC-111476 FQDN Subdomain learning doesn't work for non-SFOS DNS server set for the client.
NC-117675 Gateway Management WWAN gateway update flow updates incorrect monitorid when wwan-gwid isn't the same as its monitorid.
NC-109626 HA Standalone device restarts. Too many open files.
NC-106738 Hotspot Sort functionality doesn't work properly for hotspot vouchers in the user portal.
NC-119525 Hotspot Valid until time on hotspot sign-in uses UTC instead of local system time.
NC-120118 Hotspot Missing information in hotspot voucher created for users.
NC-116314 Interface Management Unable to delete or make changes to bridge interface.
NC-98796 IPS-DAQ Coredump during DAQ shutdown due to incorrect order of thread stop.
NC-107329 IPS-DAQ Snort shows high CPU usage, resulting in low bandwidth.
NC-114872 IPS-DAQ Certificate-based authentication failing for server with small RX win.
NC-115019 IPS-DAQ-NSE Firewall locks up. Snort core generated.
NC-119321 IPS-DAQ-NSE Slow download speed with SSL/TLS inspection turned on along with malware scanning even if TLS isn't being decrypted.
NC-107042 IPsec IPsec VPN path MTU-related connection issues with IPsec acceleration.
NC-119047 IPsec SSL/TLS inspection doesn't work for VPN users.
NC-119898 IPsec XFRM tunnel remains disabled when both site-to-site and route-based VPNs are up simultaneously on the same local-remote gateway pair.
NC-114411 IPS Engine IPS policy behavior issue in Sophos Central.
NC-116448 L2TP A checkbox isn't visible on the first line for L2TP members.
NC-112138 Licensing Licenses not synchronizing.
NC-107504 Logging Framework Unable to update the pattern file at AirGap sites.
NC-107975 Logging Framework Logging stops on device. Database disk image is malformed.
NC-110678 Logging Framework Live logs aren't being generated in log viewer.
NC-113004 Logging Framework Garner stops responding at init_cache_tree during sync cache.
NC-114652 Logging Framework (Central Reporting) After 7200 files, sending files to Sophos Central stops with error on gzclose.
NC-108003 NFP-Firewall Memory utilization increases until firewall stops responding.
NC-100418 nSXLd Internet down with error "nSXLd Connection timeout while connecting to SXL server".
NC-115360 nSXLd Deleted policy from Sophos Central continues to appear in the firewall.
NC-117753 PPPoE Internet through PPPoE doesn't work after HA failover.
NC-112058 RED Some reports for RED tunnel on XG Firewall don't load.
NC-112117 RED Editing a RED configuration in XG Firewall caused the firewall to become unresponsive.
NC-112621 RED Unable to edit some RED interfaces.
NC-113005 RED RED tunnels restart suddenly.
NC-117243 RED Disable DHE cipher support for RED.
NC-117786 Reporting Security Audit Report score data in email differs from what's shown in the firewall.
NC-111110 SDWAN Routing Import-export doesn't reflect changes in SD-WAN profiles.
NC-112722 SDWAN Routing garner.log is flooded with continuous logs for cache failures.
NC-114075 SDWAN Routing Connectivity issue when using route-based VPN with SD-WAN Routes or profiles.
NC-107178 SecurityHeartbeat Improve license enforcement message for Synchronized Security.
NC-116531 SecurityHeartbeat Can't access resources for some time when Security Heartbeat is configured.
NC-117680 SecurityHeartbeat Ipset hb_green entry removed without cause.
NC-111441 SSLVPN Remote access SSL VPN doesn't work after upgrade.
NC-112065 SSLVPN When Azure AD is used as the authentication type, the Authentication > Services page goes into buffering.
NC-112211 SSLVPN /conf/certificate/openvpn directory is missing.
NC-114163 SSLVPN Connections from LAN to static SSL VPN IP address are routed through WAN on XGS.
NC-117669 Firewall "Invalid TCP state" logs in HA appliances for traffic coming from the auxiliary device.
NC-120190 SSLVPN Site-to-site SSL VPN connections fail due to the absence of serveruser.conf file.
NC-112370 Gateway Management Error while updating failover rules in WAN link manager.

Known issues

To see the known issues for the firewall, go to the Known issues list.

Set Choose your product to Sophos Firewall. Alternatively, enter a search term.

Upgrading firmware and restoring backups

Upgrading firmware

  • Form factors:
    • SFOS 20.0 GA and MRs are available on all form factors.
    • SFOS 20.0 GA and MRs will be the last firmware versions to support XG and SG Series hardware appliances.
  • LINCE: Versions 20.0 MR1 and MR2 are LINCE-compliant. For more details, see the help page National Essential Security Certification (LINCE).

Important points to know before you upgrade to 20.0 MR1 and later versions

SSL VPN

Firewalls upgraded to 20.0 MR1 and later versions won't establish SSL VPN tunnels with the following clients and firewall versions:

  • SFOS 18.5 and earlier versions (end-of-life): Site-to-site SSL VPNs won't be established between SFOS 18.5 or earlier versions and SFOS 20.0 MR1 and later versions. We recommend that you upgrade both firewalls to 20.0 MR1 and later versions at the same time. Alternatively, you can use site-to-site IPsec or RED tunnels.
  • Legacy SSL VPN client (end-of-life): Remote access SSL VPN tunnels won't be established with the legacy SSL VPN client, which is already end-of-life. You can use the Sophos Connect client or third-party clients, such as OpenVPN client, or use remote access IPsec tunnels.
  • UTM9 OS: Site-to-site SSL VPNs won't be established between UTM9 OS and SFOS 20.0 MR1 and later versions. We recommend that you migrate these to 20.0 MR1 and later versions. Alternatively, you can use site-to-site IPsec or RED tunnels.

End-of-life RED devices

20.0 MR1 and later versions won't support the following legacy RED devices: RED 15, 15w, and 50. They have been declared end-of-life in 2023. For more details, see the article Sophos RED: End-of-life of RED 15/15(w) and RED 50.

Versions you can upgrade from

We strongly recommend that you migrate only to the approved versions in the following table. If you try to migrate to other versions, Sophos Firewall shows an alert asking you to confirm the migration before it restarts. If you confirm the migration, Sophos Firewall restarts with the factory configuration, and you lose your current configuration.

See how to upgrade.

Upgrading firmware
Upgrade from Upgrade to 20.0 MR2 Build 378 Upgrade to 20.0 MR1 Build 342 Upgrade to 20.0 GA Build 222
20.0 MR1 Build 342
20.0 GA Build 222
19.5 MR4 Build 718
19.5 MR3 Build 652
19.5 MR2 Build 624
19.5 MR1 Build 278
19.5 GA Build 197
All 19.0 versions
All 18.5 versions

Sophos Central: You can schedule firmware upgrades from Sophos Central.

Previously restored Cyberoam backup: If your appliance uses a configuration previously restored from a Cyberoam backup, the firewall allows you to upgrade to version 20.0.x only if you've regenerated the appliance certificate at least once on SFOS. (The appliance certificate generated on Cyberoam devices uses a weak signature algorithm (MD5). SFOS 20.0.x doesn't support appliance certificates with this algorithm.)

Static route configurations through Zebra advanced shell: We introduced a new routing engine, which enables the firewall to monitor the interface link status and network configuration. This is a change from the earlier behavior. If you're upgrading or restoring the backup from 19.0.x and earlier versions, static routes configured through the Zebra advanced shell CLI commands won't migrate to 19.5.x and later versions. So, in some cases, the firewall won't allow you to upgrade to SFOS 20.0.x. For details, see the knowledge base article Upgrade to 19.5 GA blocked for specific routing configurations.

Backup-restore

Backups restored to 20.0 MR2

You can restore backups to firewall models with fewer ports.

  • Backups from versions 19.5 MR4 and later: The backup-restore assistant appears when you restore backups from XG, SG running SFOS, and XGS to XGS Series, cloud, and virtual firewalls.
  • Backups from versions 19.5 MR3 and earlier: The backup-restore assistant doesn't appear, and the firewall automatically maps the interfaces.

Help links

  • See the help page Restore backups to 20.0 MR2.
  • Use the tool to check if you can restore backups between appliance models and platforms. Check compatible devices to restore backups.
  • Watch the video Backup-restore enhancements.

Backups restored to 20.0 GA and MR1

  • The backup-restore assistant doesn't appear.
  • You can restore backups from SG, XG, XGS Series, cloud, and virtual appliances to any of these appliances.
  • You can't restore backups from larger models to desktop models. See Backup-restore compatibility check.

Supported platforms

Version 20.0

Sophos Firewall OS versions 20.0.x are available on all form factors as follows:

  • XGS Series firewalls
  • XG Series firewalls
  • SG Series firewalls
  • Virtual and software appliances
  • Cloud platforms

Additional information

  • SFOS 20.0 GA and MRs will be the last firmware versions to support XG and SG Series hardware appliances.
  • For all hardware lifecycle milestones, see Retirement calendar.
  • For more information about the supported firmware versions, licenses, and migration, see Sophos Firewall: Licensing guide.

Supported firmware versions

20.0.x versions support the following firmware versions:

  • Wi-Fi firmware 11.0.021 and earlier
  • RED firmware 3.0.009 and earlier
  • Sophos Connect 2.3 MR-1 and earlier

Support

You can find technical support for Sophos products in the following ways:

  • To ask or answer questions, subscribe to blogs, and see recommended reads, visit Sophos Community.
  • Find how-to, configuration, and troubleshooting videos at Sophos Techvids video hub.
  • Visit Sophos Support.

Legal notices

Copyright © 2022 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos Group. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

Sophos Firewall release notes (2024)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Francesca Jacobs Ret

Last Updated:

Views: 5643

Rating: 4.8 / 5 (48 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Francesca Jacobs Ret

Birthday: 1996-12-09

Address: Apt. 141 1406 Mitch Summit, New Teganshire, UT 82655-0699

Phone: +2296092334654

Job: Technology Architect

Hobby: Snowboarding, Scouting, Foreign language learning, Dowsing, Baton twirling, Sculpting, Cabaret

Introduction: My name is Francesca Jacobs Ret, I am a innocent, super, beautiful, charming, lucky, gentle, clever person who loves writing and wants to share my knowledge and understanding with you.