trueNetLab

Sophos Firewall: No CVEs, But Plagued by Bugs (v21.5 to v22)

trueNetLab Author — Tue, 03 Mar 2026 00:00:00 +0000

If you’re currently working in the firewall space, you’re usually battling one of two major evils: Either you’re constantly stressed about critical vulnerabilities (CVEs, like Fortinet right now) and spending your nights patching—or your systems throw so many obstacles your way during regular operations due to unstable firmware and annoying bugs (like Sophos right now) that you can’t get anything else done.

At my job at the company, the latter is exactly what’s happening—a stress that I naturally end up taking home with me sometimes. Our current pain point goes by the name of: Sophos Firewall.

Operation Epic Fury: Sophos Warns of Global Cyber Retaliation

trueNetLab Author — Sat, 28 Feb 2026 00:00:00 +0000

Today we received an important security advisory from Sophos. Due to the current geopolitical situation surrounding “Operation Epic Fury” and the associated increased cyber threat, we want to pass this warning directly on to you.

Below you will find the original security warning from Sophos.

Intelligence Report - Escalating Middle East Conflict

Overview

On February 28, 2026, the United States (U.S.) and Israel launched Operation Epic Fury, which involved a coordinated set of strikes targeting Iran’s military missile sites, production facilities and navy.

CodexBar: Token Limits in Your Menu Bar (Codex, Claude, Gemini & Co.)

trueNetLab Author — Fri, 27 Feb 2026 00:00:00 +0000

2026 is a great year to build: with Codex, Claude, Gemini (and what feels like a new tool every month), you have more power on your desk than ever before.

And at the same time it is an incredibly frustrating year to build.

Not because of the models, but because of the reality around them: limits, tokens, credits, session windows, weekly caps, and reset timers.

We build with models, but we build within budgets.

NotPetya: The Most Expensive Cyberattack of All Time

trueNetLab Author — Wed, 25 Feb 2026 00:00:00 +0000

In late June 2017, something started in Ukraine that, at first glance, looked like “ransomware as usual”: machines reboot, files suddenly become unavailable, and a ransom note appears on screen.

Just a few hours later, it was clear: this was not a local incident. This was a wildfire.

The name that stuck is NotPetya. To this day, it is a textbook example of how a seemingly “simple malware wave” can turn into an event that cripples companies worldwide and causes damage in the billions.

Sophos Firewall Configuration Viewer: Audit and Compare Configs

trueNetLab Author — Thu, 19 Feb 2026 00:00:00 +0000

Hello everyone,

if you have ever managed a Sophos Firewall in a real business environment, you know the dilemma: the configuration is the “single source of truth”. But the moment you want to review it outside the web UI, document it properly, or compare before/after a change, it gets painful fast.

Yes, you can take screenshots. Yes, you can export individual rules. But as soon as you are dealing with bigger changes (WAN migration, new VLANs, object cleanup, restructuring NAT logic, “just quickly” adjusting a few VPNs), you really want two things:

magic-wormhole: Secure File Transfer with a One-Time Code

trueNetLab Author — Wed, 18 Feb 2026 00:00:00 +0000

Hello everyone,

today I want to show you a small CLI tool that I keep coming back to in support and incident situations: magic-wormhole. It solves a problem that shows up in everyday businesses more often than any glossy “enterprise” story: you need to get a file (or a directory) to someone right now, but email is too small, a cloud link is politically or legally tricky, and “just open a port real quick” is not an option.

DDoS Attacks: Types, Symptoms, and Mitigation

trueNetLab Author — Tue, 17 Feb 2026 00:00:00 +0000

DDoS is not a new phenomenon, but it has become much easier, cheaper, and more scalable. In the past, a few misconfigured servers or a small botnet were enough to disrupt a service. Today we regularly see attacks that can saturate links in fractions of a second, overwhelm firewalls, or bring applications to their knees with seemingly “normal” requests.

This post is not about fear-mongering. It is about context: what DDoS actually is, which attack classes matter in practice, how you spot them during operations, and which countermeasures are worth your time.

Enemy on the Team - The North Korean IT Worker Trick

trueNetLab Author — Fri, 14 Nov 2025 00:00:00 +0000

I deal with cyber security every day, both professionally and privately. I audit firewalls, analyse logs, run penetration tests, and speak to IT administrators at companies of all sizes. And one thing keeps coming up: most IT admins don’t even know about the risks they’re underestimating.

They think about ransomware, phishing, and external hackers trying to breach the firewall. That’s understandable - these are the classic threats we grew up with.

Sophos Firewall v22 Health Check - Complete Overview

trueNetLab Author — Sun, 26 Oct 2025 00:00:00 +0000

The new Firewall Health Check feature in Sophos Firewall v22 is an integrated configuration validation system that continuously assesses dozens of settings against the CIS Benchmarks and best practices. The checks are categorised by severity (High, Medium, Low) and organised by module (Active Threat Response, Admin Settings, Authentication, Device Access, etc.).

The following explains each Health Check policy, what it means, its severity, and a professional comment:

Active Threat Response

1. Synchronized Application Control should be enabled Severity: Medium | Standard: Recommended

Sophos Firewall v22 - New features, hardening, and what to expect

trueNetLab Author — Sat, 25 Oct 2025 00:00:00 +0000

Sophos Firewall v22 (SFOS v22) is a major update that focuses on security hardening, improved visibility, and greater operational stability. The modernised Xstream architecture, hardened kernel, and new management features reduce the attack surface and simplify day-to-day administration. This article summarises the key innovations in SFOS v22, provides a critical assessment, and explains what they mean for Sophos admins.

Hightlight Features in SFOS v22

Introduction

The early access phase for SFOS v22 began in October 2025, with the final version (GA) expected in early December. The goal of the release is clear: to make the firewall less vulnerable, easier to configure, and more robust in operation. The new version offers secure-by-design features, deeper telemetry, and many functions that have been requested for years.

Sophos Updates September 2025 – Firewall, Endpoint, E-Mail

trueNetLab Author — Tue, 16 Sep 2025 00:00:00 +0000

In September 2025, Sophos introduced a range of new features. Instead of summarizing everything in one long list, this post is structured by product areas. This way, every administrator can quickly find the relevant points for their environment. After all, not everyone uses Sophos switches or access points – and if you do, my sincerest condolences.

Overview of the key points

Credential theft remains the main risk – Sophos is focusing on passkeys and ITDR. The endpoint updates significantly reduce resource consumption and enable new forensic options. Firewall, switches, and access points also received important additions. E-mail security is moving further into the spotlight with a freely available DMARC tool and TLS reporting. In addition, there are promotions for firewalls, new video content, and events such as ITSA and Partner Business Breakfasts.

Sophos Update: Partner Online Event News (SFOS 22 and more)

trueNetLab Author — Wed, 25 Jun 2025 00:00:00 +0000

Introduction

Yesterday (24 June 2025) Sophos hosted an online event for partners to present the latest developments and the company’s future direction. This blog post highlights the key announcements and insights shared during the event. While many of the innovations showcased – such as the Sophos Firewall v21.5 – have already been available or partially known for several weeks, Sophos took the opportunity to promote them comprehensively once again. Nevertheless, there were also exciting glimpses into upcoming developments, which we examine in more detail here. Continuous development and a focus on prevention, protection, detection and response remain central pillars of the Sophos strategy.

Whoop 5.0: The Fitness Tracker That Sets New Standards

trueNetLab Author — Thu, 19 Jun 2025 00:00:00 +0000

Introduction

Whoop has established itself as a pioneer in the world of fitness trackers by focusing on recovery, strain, and sleep instead of simply counting steps or calories. With the launch of Whoop 5.0 on May 8, 2025, the company takes its vision to a new level, introducing advanced health features, improved hardware, and a revamped subscription model. My comprehensive analysis of the Whoop 5.0 draws on official sources and my personal experience after more than 40 days of use, having upgraded from the Whoop 4.0 .

Britain's Surveillance Policy Forces Apple to Abandon Encryption

trueNetLab Author — Mon, 19 May 2025 00:00:00 +0000

The digital world is once again facing a fundamental debate between privacy protection and government surveillance—and the United Kingdom is currently the scene of a decisive clash. At the heart of it lies Apple’s controversial decision to drop end-to-end encryption for British iCloud users under pressure from the government.
As a Brit by birth, I view this development with great concern. Although I now live in Dubai and am not directly affected, I find state-mandated “backdoors” fundamentally problematic and dangerous.

Sophos Firewall v21.5: New Features for Your Network Security

trueNetLab Author — Fri, 16 May 2025 00:00:00 +0000

Introduction

In this post we explore the latest updates in Sophos Firewall v21.5, the release that strengthens your network security while giving you the advanced threat-detection features you’ve come to expect. Let’s dive in!

Entra ID Single Sign-On: Seamless VPN access (Windows only)

What’s new?

The Entra ID SSO integration is a major win for organisations that rely on Microsoft 365. It streamlines VPN log-ins and adds security with multi-factor authentication (MFA).

The eight principles of Dubai

trueNetLab Author — Wed, 12 Feb 2025 00:00:00 +0000

It starts as soon as you land. As soon as you step off the plane and enter Dubai International Airport, it catches your eye - a large plaque, clearly visible right by the baggage carousel. The eight principles of Dubai are written there in immaculate lettering, backlit by a soft light.

The eight principles of Dubai - His Highness Sheikh Mohammed bin Rashid Al Maktoum - Vice President and Prime Minister of the UAE and Ruler of Dubai

Why I No Longer Use Sophos AP6 Access Points

trueNetLab Author — Fri, 31 Jan 2025 00:00:00 +0000

Introduction

As I mentioned in one of my previous blog posts, I no longer use Sophos Access Points, even though I still use a Sophos Firewall in my HomeLab. I’m generally a fan of ecosystems, but in this case, the product was no longer acceptable to me. Why? I will explain that in this article.

I conducted extensive research because there were always contradictions and unanswered questions. I wanted to understand the exact causes of the problems and put the situation into a technical context. In doing so, I came across a series of serious shortcomings—both on a technical level and in the way Sophos communicates these issues.

Getting Fit with Tech: Continuously Optimizing My Health

trueNetLab Author — Fri, 10 Jan 2025 00:00:00 +0000

At the beginning of the year, many of us feel the need for change and improvement. Many years ago, I also decided to make my health a priority – a decision that has fundamentally changed my life. In my job, I often spend 12 to 15 hours in front of the screen, with only my fingers moving across the trackpad and keyboard. An unhealthy cycle of lack of exercise, insufficient fluid intake, unhealthy eating (junk food and energy drinks), and too little, poor sleep had crept in. The results were clearly visible: my weight increased in parallel with an ascending Bitcoin chart. Shortly before reaching the three-digit kilogram mark, I realized that I needed to change something. In addition, I often felt tired and my concentration was significantly worse than it is today. Of course, I already knew how important a healthy lifestyle is, but a young body forgives many sins. However, it got worse year by year. This realization was the starting signal for a comprehensive transformation that fundamentally changed both my habits and my perspective on health.

Sophos Firewall: The Heart of My Secure Network

trueNetLab Author — Tue, 07 Jan 2025 00:00:00 +0000

Hello everyone,

Today, let’s delve into a topic that is fundamental to the security and organization of any network: firewalls. They form the backbone of our digital defenses and regulate data traffic. Complementing this, we’ll explore VLANs, an often underestimated but essential technology for network segmentation and enhancing security.

The Indispensable Role of the Firewall

A firewall is far more than just a digital fortress wall. It acts as an intelligent guardian, analyzing, evaluating, and directing data traffic based on complex rules. It is the central element that protects our digital assets and enables smooth communication.

My Network Journey: From Linksys to UniFi and Sophos

trueNetLab Author — Fri, 27 Dec 2024 00:00:00 +0000

Hello everyone,

It’s Joe again. Today, I want to take you on a slightly different journey – a journey through the world of network hardware. In my previous posts, we’ve focused more on software and tools, but today we’ll delve deeper into the physical infrastructure that makes our digital lives possible. I’ll tell you how I went from the beginnings with simple routers to my current passion for UniFi and Sophos.

Little helpers: Tools for my work

trueNetLab Author — Mon, 23 Dec 2024 00:00:00 +0000

In the course of my life, I have tested and integrated a wide variety of tools into my daily routine, then swapped them out or removed them again. These applications form the foundation of my workflow and are used for a wide range of tasks. Today, I would like to introduce a selection of these tools that I use and provide insights into their practical benefits.

Terminal

The terminal is an indispensable tool in my work. It allows for direct and flexible system control without the need for a graphical interface. Whether for administering Ubuntu servers, managing UniFi devices, or configuring Sophos firewalls, I often rely on the terminal.

CleanShot X: My Favorite Tool for Screenshots

trueNetLab Author — Fri, 29 Nov 2024 00:00:00 +0000

Hello everyone,

today, I want to introduce you to another tool that I use every day, one that I discovered through a podcast a few years ago – CleanShot X. Previously, I used macOS’s built-in tools, which required many steps and quite a bit of time to capture a screenshot, blur things out, or highlight certain elements. CleanShot X makes everything significantly easier. I use it daily, and it has become indispensable in my productivity toolset. Since I take a lot of screenshots every day, the subscription is definitely worth it for me.

1Password: The Password Manager I Trust

trueNetLab Author — Sat, 16 Nov 2024 00:00:00 +0000

Hello everyone,

Today, I want to introduce you to another indispensable tool in my daily life—the password manager 1Password. If you’re like me, juggling a multitude of online accounts every day, you know how important security and efficiency are when dealing with passwords. A good password should not only be complex but also unique—and who can remember all that? This is where 1Password comes into play, helping me manage my credentials securely, centrally, and conveniently. For me, it’s the most important tool when it comes to security and organization.

Arc Browser: My Most Important Tool

trueNetLab Author — Thu, 14 Nov 2024 00:00:00 +0000

Hello everyone,

Today I’m going to introduce you to one of the most important tools in my everyday life - the Arc Browser. Arc is the first program I open as soon as my Mac starts up. Why? It’s simple: I spend 80%, if not 90% of my working time in it. For me, the browser is the central tool with which I do practically everything. Maybe you feel the same way I do: I don’t want to have lots of installed programs cluttering up my hard disk, causing background processes or even introducing security vulnerabilities. That’s why I rely on web apps as much as possible. No Outlook, no Teams, no Zoom, no To-Do app or TeamViewer for remote support. If there’s a web version, I use it.

macOS Setup: My Personal Settings and Customizations

trueNetLab Author — Tue, 12 Nov 2024 00:00:00 +0000

As you might remember from my post, How It All Began: From Windows PCs to MacBook , I’m now a MacBook user. I always find it interesting to see which tools others use—there might be something fantastic I haven’t tried yet that could make my daily work a little easier. I’ll be diving into those tools in detail in upcoming posts. For this article, I’ll focus on macOS and the settings I apply right after installation.

How It All Began: From Windows PCs to MacBook

trueNetLab Author — Fri, 08 Nov 2024 00:00:00 +0000

Hello everyone, I’m Joe, and today I’d like to take you on a little journey through time – my journey through the world of computers. It all started in my childhood bedroom with Windows PCs, all the way to my current companion, the MacBook Air M3, which I use for everything today, except for what I can handle with my smartphone.

Beginnings: Windows, Tools, and Early Discoveries

In my childhood, everything started with Windows PCs. I explored the internet, tested new tools, and created websites. My focus was on software, or as I like to say, OSI layers 5 and above, rather than hardware. Things like modems and switches – they just worked, and that was enough for me. Hardware was more of a means to an end; as long as everything ran smoothly, I was happy.

The Journey Begins

trueNetLab Author — Wed, 30 Oct 2024 00:00:00 +0000

Hello everyone, my name is Joseph Goldberg, but you can simply call me Joe. I’m glad you stopped by TrueNetLab. For those who don’t know me yet, I’d like to introduce myself and share a bit about my journey and my latest project, TrueNetLab.

Originally, I’m from the United Kingdom, where I trained as a Security Engineer and studied network technology. Early in my career, I was fortunate to gain significant experience by working with some companies now often referred to as the “Magnificent 7,” which gave me invaluable insights before I was recruited to the Netherlands and Ireland to work for a large tech company. The opportunity was simply too good to turn down. This experience shaped me both professionally and personally, but eventually, I longed for something new. The constant gusts and gray skies of Northern Europe motivated me to take a bold step and move to the sun – Dubai. Beyond the weather, a new job offer also played a crucial role in this decision.