NC-87676 |
WAF |
WAF may stop working after a backup is restored for firewalls that first started with a version earlier than 18.0 GA and are currently running a version later than 18.0 GA. |
If WAF doesn't start and reverseproxy.log shows the following message, contact Sophos Support: Invalid encrypted key |
NC-85454 |
PPPoE |
When more than one PPPoE link is configured on SFOS, and you upgrade the firmware to 18.5.MR2 build #380, passwords of the PPPoE links are lost for all but one PPPoE link. So, only one PPPoE link remains functional after migration. The other links don't connect because of authentication failure. |
Edit the PPPoE interface configuration, update the password, and save the configuration. |
NC-85343 |
Network utils |
Unable to update interface name using the following terms: "port", "eth", or
"ge". |
The names of physical and virtual interfaces, wireless networks, and IP tunnels
can't start with system-reserved names, such as port, eth, ge, and xfrm, except
when the Name is the same as the Hardware name. |
NC-85313 |
API framework |
No status code in API response. |
You must use one of the tags <Set>, <Get>, or <Remove> after
the <Login> tag.
|
NC-85063 |
WAF |
WAF does not permit file uploads larger than 1 MB in OWA. |
Contact Sophos Support. |
NC-84972 |
Web |
When you use the web proxy, files that undergo anti-virus scanning are stored
in /tmp. If web caching is turned on (Web > General settings > Enable web
content cache) the /tmp directory may run out of space. To determine if the
issue affects the firewall, enter the following command:
df -h /tmp
If the available space shows 0 MB, enter the following command:
du -c /tmp/0x1*
Non-zero length files can take up a significant portion of the partition.
Large numbers of files that are of zero length don't cause the issue.
|
Do one of the following:
- Go to Web > General settings, and clear the check box "Enable web
content cache". This option is turned off by default.
- Restart the firewall.
|
NC-84550 |
Reporting |
Local reports on Sophos Firewall differ from CFR reports. If the number of bytes
transferred exceeds 32 bits, log viewer shows the truncated value. |
Will be resolved shortly. |
NC-84517 |
Firewall |
Firewall rule isn't applied to terminal server traffic from Server Protection
SATC. |
The firewall must join the EAP for New Server Protection features and confirm
the machine is added to EAP. See details. |
NC-84171 |
L2TP |
Multiple clients behind NATed device cause traffic issues. When these try to
connect to Sophos Firewall, tunnels are established. However, ping from the
first client drops after a few seconds. There's no ping from a client when the
other client's ping works. |
Will be resolved shortly. |
NC-84054 |
SecurityHeartbeat |
Configuration migration fails due to invalid byte sequence. Backup isn't restored if there's an error with the database tblappstoeps since it may contain an invalid byte sequence for encoding "UTF8". |
Contact Sophos Support. |
NC-83527 |
SecurityHeartbeat |
Unable to register Firewall with Sophos Central account because Amazon
certificate isn't present in /conf/. |
To check if an Amazon certificate is present, enter the following command:
openssl crl2pkcs7 -nocrl -certfile /conf/certificate/internalcas/cloud-ca.crt | openssl pkcs7 -print_certs -text -noout | grep Issuer
If Amazon CA isn't present, do as follows:
- mount -o rw,remount /
- cp "/conf/certificate/internalcas/cloud-ca.crt" "/conf/certificate/internalcas/cloud-ca.crt.org"
- cp "/_conf/certificate/internalcas/cloud-ca.crt" "/conf/certificate/internalcas/cloud-ca.crt"
- mount -o remount,ro /
These steps don't require downtime.
|
NC-83108 |
Config Migration Framework |
Upgrading from 18.0.MR6 to 18.5.MR1 results in a factory reset. |
Downgrade to the previous firmware and then upgrade to 18.5.MR2. Alternatively,
you can upgrade to 18.5.GA and then to 18.5.MR1. |
NC-82331 |
Security Heartbeat |
From 18.5 MR2, Sophos Firewall encrypts certificate keys. So, when you upgrade
to this version, the firewall refreshes the certificate used by synchronized
endpoints to send a Security Heartbeat.
If DNS resolution to sophos.com
fails, the endpoints may not get the new certificate from Sophos Central, and
the heartbeat fails. |
Do as follows:
- Make sure the endpoints have network connectivity during the upgrade.
They can then fetch the new certificate from Sophos Central.
- If the endpoints are blocked from getting DNS resolution for sophos.com
to download the new certificate, go to the corresponding firewall rule
and temporarily clear the checkbox "Block clients with no heartbeat".
|
NC-81520 |
Hotspot |
Password isn't printed on the hotspot voucher for bridge to AP LAN and bridge
to AP VLAN.
|
Use a wireless network with Client traffic set to Separate zone instead. Do as
follows:
- Go to Wireless > Wireless networks.
- Select the network you want and set Client traffic to Separate zone.
- Go to Hotspots and select the hotspot you want.
- Set Interfaces to this wireless network.
|
NC-81039 |
Licensing |
SFOS gets stuck after a restart. On the hardware, hyperthreading was turned on,
stopping the kernel from starting. It only happens when SFOS RAM/CPU are lower
than that purchased in the license and hyperthreading is turned on on Dell
hardware. |
Turn off hyperthreading on the server. |
NC-73295 |
IPsec |
Child SA (Security Association) disconnects when idle setting is turned on in
IPsec remote access. |
Under Idle settings, clear the checkbox for Disconnect when tunnel is idle.
Create a network rule below the user-based firewall rule. If an
active user signs out and user-based rule no longer matches the traffic, the
network rule matches, allowing traffic for active networks (child SAs).
Then turn the idle setting back on.
|
NC-73174 |
Logging framework |
Log viewer shows the DDNS events for success and failure twice. |
Known behavior |
NC-71401 |
Central Management |
Unable to register XG Series firewalls with Central Manager using email
addresses with more than 50 characters. |
Enter an email address with fewer than 50 characters. |
NC-70369 |
Dynamic routing (OSPF) |
Auto-interface cost calculation doesn't work for OSPF. |
Go to Routing > OSPF > Override interface configuration. Click Select interface,
clear the check box for Interface Cost and enter the cost. |
NC-69633 |
Email |
Wildcard SMTP exceptions for FQDN hosts appear on the exceptions list. However,
when editing the exception, they aren't visible. |
Will be resolved shortly. |
NC-69491 |
Authentication |
Unable to access the web admin console after an auto-restart.
When a high number of RADIUS SSO users sign in simultaneously
and the firewall restarts, sometimes the web admin console isn't available
after the restart. However, LAN users can connect, and you can access the
firewall through SSH.
|
Known behavior |
NC-69439 |
Web |
For the internet scheme web policy in devices migrating from CROS to SFOS,
Policy tester doesn't show the web filter ID. |
Known behavior |
NC-69088 |
Unable to create Secure Storage Master Key on HA devices. |
On HA devices migrated to 18.0 MR3 or MR4, administrators are unable to create
the Secure Storage Master Key. |
If you have a configuration backup, reset the firewall to factory
configuration. Upgrade to 18.0 MR4 or later version. Restore the backup.
Rejoin HA.
If you don't want to reset to factory configuration, enter the following
advanced shell commands:
- /bin/nsgenc reset -f
- /bin/nsgenc init
- reboot
- /bin/nsgenc status; echo $?
If the result is 1, restore the backup. Upgrade to 18.0 MR4 or
later version. Rejoin HA.
If the result is 0, contact Sophos Support.
|
NC-68908 |
RED |
On the web admin console, SD-RED doesn't show LTE support. |
SD-RED supports LTE, but incorrectly shows 3G/UMTS failover on the web admin
console.
Will be resolved shortly.
|
NC-68438 |
Web |
Web policy rule doesn't support users with the character "/" in the name. |
Known behavior |
NC-67790 |
DHCP |
DHCP doesn't assign multiple IP addresses to the same MAC address.
Example: For the captive portal to work over a bridged
interface with a VLAN, the access point creates a virtual interface and
needs an IP address from the VLAN. When the captive portal asks for an IP
address over
VLAN, the discover request comes with the interface's MAC address. If one
scope is set to static and the other to dynamic, the IP assignment doesn't
work.
|
Set both the DHCP scopes to dynamic or static. |
NC-67688 |
HA |
For 18.0 MR1, when the backup contained redundant information, it increased the
backup size. If a larger backup is taken and restored, the /conf may be larger
than expected. |
Run the following commands on the advanced shell:
rm -rf /conf/httpclient/httpclient
rm -rf /conf/iview_images/iview_images/
Take a backup again.
|
NC-65961 |
Web |
Log viewer for Firewall and Web filter shows Allowed for all port 80/443 traffic
from WAN to WAN and LAN zones, although users initiating traffic from the WAN
zone are shown a block page. |
Known behavior |
NC-65625 |
SSL VPN |
OpenSSL limits the CN (Common Name) to 64. OpenVPN limits the CN to 63 + 1 (null
character). This limits the <username>@<domain name> length to 51
characters since a 12-character random string is added to
the CN. |
Only use up to 51 characters for <username>@<domain name>. |
NC-63913 |
IPS policy |
When XG Series firewall is in FETCH mode in SFM, and users change the Advanced
threat setting using the template, the SFM event log shows a failure message.
|
Known behavior |
NC-63535 |
Email |
Modifications aren't allowed to the block email senders list. On Email > General
setting > Block senders, when users add a domain or email address, the error
"Request could not be completed" appears and the domain or
email address isn't added. |
Remove any of the domains or email addresses from the block senders list and add
them again. |
NC-62786 |
VFP-Firewall |
Turning firewall-acceleration on or off bounces the ports. |
Will be resolved shortly. |
NC-60401 |
Central Management |
When you downgrade the firmware or reset a firewall registered with Sophos
Central (and services accepted on Sophos Central), the firewall loses its
central registration information.
When it's registered again and Central management is turned
on, endpoints already known to Sophos Central and the Central Management API
consider this a bad request since Central services have already been
approved.
|
Deregister the firewall. For HA devices, deregister both firewalls from Sophos
Central.
Sign in to Sophos Central, go to
Firewall management and click Remove from Central for the firewall.
Alternatively, run the following command on the advanced shell:
/bin/central-register --register -u <email_of_central_account> -p <password_of_central_account> -s <serialnumber_of_firewall>
Once the registration passes, you can deregister the firewall
from the Sophos Central console.
|
NC-60381 |
Firewall |
When heartbeat is set to block endpoints with a red status in the firewall rule
configured for a bridge interface, and the firewall blocks the MAC address, it
also blocks DHCP requests from the endpoints. |
Create a firewall rule with Rule position set to Top and Services set to DHCP.
Don't specify the Synchronized Security Heartbeat settings. |
NC-60294 |
Authentication |
Users aren't removed immediately from the Live user list when they sign out
using the Sophos Network Agent (iOS or Android) although the app disconnects
immediately.
|
Enter the following commands through the advanced shell:
echo 0 > /content/caaios
echo 0 > /content/caaand
restart access_server
|
NC-59839 |
Firewall |
Email logs for bounced emails may show IP addresses that aren't configured as
the source address.
Log entries are generated for connection table entries rather
than from routing. For conntrack creation, the firewall uses any gateway IP
address as the original source address (example: Port4: 10.24.255.254). When
routing is done on layer 3, the decision may be to route that connection
through Port2, but the original source isn't changed.
|
Known behavior |
NC-59800 |
Firewall |
Creating new firewall rules above the automatic SMTP rule (Email MTA mode) may
result in a mail queue on the firewall.
The firewall then accepts SMTP traffic but can't deliver the
emails to the next hop. Mail queue and time-out errors appear on the
/log/smtpd_main.log
This can happen with manually configured firewall rules that
include SMTP service and automatically created firewall rules (example: with
VPN connections).
|
Place manually created firewall rules for SMTP and automatically created rules
below the automatic MTA rule.
If mails are already in queue on the firewall, before you
reposition the firewall rules, contact Sophos Support for help in using the
following script to correct the issue: /scripts/mail/replace_firewall_id.pl.
|
NC-58684 |
Firmware management |
Upgrade from 17.5.x to 18.0 and later takes about 50 minutes.
This is due to the additional checks for file system
correction, which take longer based on the hard disk size and status.
|
Known behavior |
NC-56884 |
Wireless |
Built-in wireless stops broadcasting the SSID on 2.4 GHz and 5 GHz
intermittently, and users can't see the SSID on their endpoints. |
Go to Wireless > Access points, and clear the check box for Dyn Chan. This turns
off DCS (Dynamic channel selection) on 5 GHz. |
NC-55423 |
Network services (deprecated) |
Difference in data transfer traffic usage between WAN link manager and WAN zone
report.
|
For more information, see Difference between WAN link
manager and WAN zone report. |
NC-54697 |
IPS Policy |
The show ips-settings command shows only eight firewall rules even when
more are configured. The related database entry contains all the firewall rules.
|
Will be resolved shortly. |
NC-54667 |
Authentication |
Sophos Firewall supports up to 3042 simultaneous Corporate Authentication Agent
(CAA) connections. When the number of users exceeds the limit, the message
"Failed to establish connection! Too many open files" appears
in the access server log file.
The limit is only for users using CAA. Live user count for
other authentication mechanisms isn't part of this limit.
|
Known behavior |
NC-53094 |
RED |
WAN gateway becomes active, causing RED site-to-site tunnels to flap.
When you configure multiple WAN gateways, actions that cause
the backup gateway or the unused gateway for the RED tunnel to reconnect
also cause all RED tunnels to reconnect.
|
Known behavior |
NC-52129 |
Email |
Avira is unable to scan encrypted split files. |
Use the Sophos antivirus engine. |
NC-51322 |
Email |
Chinese characters in the mail subject don't appear correctly within the
quarantine digest email. |
Change the encoding used in the end user's mail client to UTF-8. |
NC-48871 |
L2TP |
Username with the special character "\" isn't authenticated when signing in with
the domain through L2TP. |
Will be resolved shortly. |
NC-47523 |
Reporting |
Auxiliary HA device sends reports about its own scheduled report. |
Known behavior |
NC-47092 |
Firewall |
SSH session to a target behind an SFOS firewall appears with delay in the log
viewer.
|
Known behavior |
NC-46108 |
DHCP |
DHCP relay configured on an interface with a DHCP server configuration doesn't
function.
|
Expected behavior |
NC-44003 |
SNMP |
SNMP query for supportSubStatus and appExpiryDate returns unexpected values.
|
Known behavior |
NC-43682 |
Email |
Mail queue is delayed or fails after update to 17.5.
A manual change to disable_offline_relate is lost during a
firmware upgrade. Before the upgrade, if you've changed the
/static/proxy/smtp/scanner.conf file to set the disable_offline_relate
setting to No, the change
is lost during a firmware update.
|
After the firmware upgrade is complete, edit the /static/proxy/smtp/scanner.conf
file, and update disable_offline_relate. |
NC-42570 |
WAF, Web |
When LAN users want to access a web server deployed in the LAN zone and
protected by a WAF rule, these requests don't work. Requests from the LAN zone
reach the web server directly without passing the firewall. |
WAF rules control traffic for sites hosted on the WAN interface. For internal
servers, configure the DNS server to resolve the domain to the backend server
directly.
Alternatively, to host the site in the LAN zone through WAF,
you need a second WAF rule that listens on the internal interface with a
different, internal-only domain.
|
NC-42364 |
Networking (deprecated) |
IPsec route precedence isn't applied.
When system route_precedence is configured to give VPN routes
higher priority than static routes, the firewall doesn't send the traffic
through the IPsec tunnel. Instead, it routes the traffic through a matching
static route. This occurs if a static or local route exists directing the
traffic to a non-WAN zone. The route precedence command only applies to
traffic destined for the WAN zone.
|
Manually create an IPsec route for the remote subnet.
Example: console> system ipsec_route add net 192.168.1.0/255.255.255.0 tunnelname <tunnelname>
Then press Tab twice to see the list of available tunnels.
|
NC-42227 |
Authentication clients |
Currently, Sophos Firewall devices don't support SATC (Sophos Authentication for
Thin Client) with Edge browser. |
Known behavior |
NC-42226 |
SSL VPN |
Locally-signed certificates aren't supported as server certificates in SSL VPN.
|
Only certificates signed by the local CA are supported. Example:
ApplianceCertificate.
|
NC-38227 |
RED |
Can't turn on RED functionality with DHCP from Network > DHCP. |
Go to Interfaces > RED for the RED device. Under RED network settings, turn on
DHCP.
|
NC-35231 |
ATP framework |
Limit of 128 characters to add a threat exception. |
Known behavior |
NC-35230 |
Wireless |
Can assign only 8 SSIDs or networks to an access point. |
Known behavior |
NC-33997 |
Authentication |
SSO client installation doesn't work with RDP sessions. |
Known behavior |
NC-33500 |
Web |
Unable to get the file scanned by Sandstorm. The captive portal shows a cannot
reach page. This happens when there's an Any to Any firewall rule with Action
set to Drop. |
Select a LAN or WAN zone instead of Any zone for the firewall rule with Action
set to Drop. |
NC-30324 |
Firewall |
Internal hosts can't ping remote access SSL VPN. |
Give priority to static routes because SSL VPN routes are static routes. VPN
routes represent IPsec routes. |
NC-29938 |
Networking (deprecated) |
Static routes won't apply to the system for connected networks, such as RED
tunnels. So, you can't use them for route failover for these networks. |
Use SD-WAN routes for route failover. |
NC-29517 |
Date and time zone |
Time zone is different on the web admin and CLI consoles. |
Copy the content from /etc/zoneinfo/<timezone> to /conf/TZ. Then restart
the firewall. |
NC-27906 |
Email |
In legacy mode, when you turn on greylisting on the server, emails are rejected
because legacy mode doesn't support retrying of emails. Failed emails are
rejected with the following log message: 451 Temporary local problem, please try again! |
For more information, see How to work around the issue when
legacy mode doesn't support email retry. |
NC-27452 |
WAF |
No support for Microsoft RDG protocol suite. |
WAF only supports RPC_IN_DATA and RPC_OUT_DATA. These are the only types
supported when Pass Outlook Anywhere is turned on. |
NC-26865 |
Wireless |
Link/Activity LED glows on Port3 and Port4 even when the ports are disabled in XG
85(w), XG 125(w), and XG 135(w). |
Known behavior |
NC-25733 |
IPsec |
Can't see custom IPsec profiles that use a preshared key with aggressive mode
after upgrading to 17.0 MR1 although the profile is in use in an IPsec
connection.
|
The firewall doesn't support preshared keys in aggressive mode. It only supports
aggressive mode with RSA key and digital certificate. |
NC-22697 |
Web |
Citrix-based web application isn't working with Allow all web policy.
In transparent mode, Citrix clients aren't aware that there's
an HTTP or HTTPS proxy in the middle. So, they start using a proprietary
protocol (not HTTP or HTTPS) using the HTTP and HTTPS ports. The proxy
doesn't
understand this and waits for a client request while the Citrix client waits
for the server to respond. So, launching a .ica file with Citrix web
or application fails.
|
You need to punch a hole in the firewall. Do as follows:
For traffic from the LAN zone to the destination IP addresses
of your URL in the WAN zone to launch the .ica file, create a LAN to
WAN firewall rule with web policy set to None.
Then create a firewall rule with web policy set to Allow all
from LAN to WAN.
|
NC-22372 |
Email |
Missing prefix subject with IMAP and many email clients.
With IMAP, some mail clients download only the root headers
from the server. They download the complete email only when users click the
email subject. Sophos Firewall doesn't scan headers for spam since headers
don't have enough information to detect spam. The IMAP proxy scans emails
for spam only when the mail client downloads the complete email. The
firewall then scans and adds a prefix to the subject for spam. So,
the spam prefix doesn't appear in the email client's folder view.
|
Known behavior |
NC-22206 |
Clientless access (HTTP and HTTPS) |
Bookmarks of websites that require NTLM authentication don't work with
clientless authentication. |
Sophos Firewall doesn't support NTLM authentication with clientless web access.
|
NC-19628 |
Authentication |
Sophos Firewall doesn't support browsing on IE11 in protective mode with SATC
authentication.
|
Known behavior |
NC-19479 |
Clientless access (HTTP and HTTPS) |
Can't access websites that require the destination domain in the URL host
through clientless access. Example: CNN.com. |
Known behavior |
NC-19478 |
Clientless access (HTTP and HTTPS) |
Can't access websites with UTF-16 characters in the URL using bookmarks.
Clientless access needs HTML links to be rewritten within the
response document to ensure that links work for users outside the proxy. The
firewall doesn't rewrite URLs with UTF-16 encoded special characters. So,
these sites won't open through clientless access. Example:
http:\u002f\u002fportal.example.com
|
Known behavior |
NC-19476 |
Clientless access (HTTP and HTTPS) |
Can't access web servers containing JavaScript-based dynamically generated URLs
through HTTP and HTTPS bookmarks. |
Known behavior |
NC-18385 |
WAF |
After successful form-based authentication, users are redirected to the defined
path in the corresponding site path routing profile rather than to the original
requested path. |
Known behavior |
NC-17808 |
Email |
Wrong decoding if a policy with Change prefix subject is configured with umlaut
characters.
|
Known behavior |
NC-17457 |
Networking (deprecated) |
Username for PPPoE interfaces is limited to 50 characters. |
Insert a dummy username using fewer than 50 characters on the web admin console
for the PPPoE interface.
Go to the advanced shell and enter the following:
psql -U nobody -d corporate
Go to the corporate DB and enter the following:
corporate> update tblpppoeconf set "user"='john.doe@example.com';
Now disconnect the PPPoE connection and reconnect to bring the
changes into effect.
|
NC-16462 |
Reporting |
When generating a custom report, only the results appearing on the current page
are exported to HTML, PDF, and CSV formats. The full list isn't exported. |
Known behavior |
NC-14880 |
Web |
Safe search is enforced on all the policies without exception. |
Known behavior |
NC-13946 |
Authentication |
STAS users with special characters (',/") in the name don't appear. |
Sophos Firewall doesn't support usernames with these special characters. |
NC-13934 |
Reporting |
Auxiliary device sends only a few configured scheduled reports. |
If reports don't contain data in auxiliary devices, report notifications aren't
sent.
|
NC-13659 |
Security Heartbeat |
Host information for blocked sources is shown on ATP flipside but isn't updated.
|
Manually reopen the flipside to see the change in host status. Example: Green,
red, missing |
NC-13639 |
Captive portal |
Local users with names containing umlaut characters (example: ööööööö) can't
sign in. They can sign in through AD and STAS.
Unable to create local users with special characters (UTF-8).
Existing AD users with such names can't sign in.
|
Known behavior |
NC-13637 |
Routing (deprecated) |
Route precedence isn't followed for policy-based routing in RED site-to-site
tunnels.
|
Known behavior |
NC-13636 |
VPN (deprecated) |
Can't create L2TP connection with preshared key for mobile phones. |
Known behavior |
NC-13632 |
RED |
Unable to do offline provisioning of RED 50 device using USB device. |
Do online provisioning centrally. REDs are then upgraded to the latest firmware.
You can then perform offline provisioning. |
NC-13618 |
Clientless access (HTTP and HTTPS) |
Unable to access the web admin console of a firewall by using bookmarks from the
same firewall. |
Known behavior |
NC-13598 |
Firewall |
10G SFP+ network cards on software appliances aren't recognized. |
Known behavior |
NC-9641 |
WAF |
Outlook Anywhere doesn't work when Common threat filter is turned on in the web
server protection policy. |
RPC (Remote Procedure Call) doesn't work when Common threat filter is on. CTF
checks the validity of HTTP requests and responses and compliance with HTTP
standards and common practices. MS_RPC, the protocol underlying
part of the Outlook Anywhere feature, doesn't meet all these rules and common
practices.
Turn off Common threat filter in the web server protection
policy.
|
NC-9132 |
WAF |
Websockets aren't supported for WAF. |
Known behavior |
NC-9124 |
Firewall |
STAS isn't working when AD servers are only reachable on WAN. |
Known behavior |
NC-9106 |
Framework part of base (deprecated) |
Mail notification isn't working with Microsoft Office365. |
Sophos Firewall supports STARTTLS and SSL/TLS to encrypt emails. However, for
SMTP, it only supports PLAIN authentication, which Office 365 doesn't support.
Configure an intermediate relay to work around this behavior.
|
NC-9102 |
Hotspot |
Custom logo doesn't appear on the hotspot sign-in page if the hotspot name
contains whitespace. |
Don't use white spaces in hotspot names. |
NC-9063 |
Firewall |
Unable to create a hotspot through SFM with an HTML filename that has a space.
|
Don't use spaces in filenames. |
NC-8891 |
VPN |
CHAP and CHAPV2 in L2TP and PPTP VPN with AD configuration isn't working. |
Use PAP as authentication method. |
NC-8888 |
VPN (deprecated) |
IPsec (site-to-site) between SFOS and SonicWall isn't working in aggressive
mode.
|
Use main mode. |
NC-43145 |
Hardware |
HA pair becomes unstable if you use the shared port as the dedicated link on XG
106
|
Don't use the shared port (Port 4) for the HA dedicated link. |
NC-43721 |
Hardware |
Half-duplex isn't working on the upper four ports of XG 125 and XG 135 Rev.3
|
Use ports 5, 6, 7, or 8 with half-duplex. |
NC-76186 |
Hardware-XG Series |
4X10G Flexiport module with the Intel 700 series NVM data and driver isn't
recognized.
|
Known behavior |
NC-55068 |
Hardware |
XG 115 Rev.3 models show no HDMI output unless a monitor is connected before the
device starts. |
Known behavior |
NC-53886 |
Hardware-SG and XG Series |
40Gbit QSFP+ Flexiport module isn't recognized on SG/XG 430/450 firewalls. |
Known behavior |