This article explains that the Sophos XG Firewall is not affected by CVE-2018-5389, a vulnerability in IPsec Internet Key Exchange (IKE) v1.
Applies to the following Sophos products and versions: Sophos Firewall
The Sophos XG Firewall is not affected by this vulnerability. Using low-entropy pre-shared keys (PSKs) is always risky, and customers should use long, complex PSKs. Otherwise, please use certificates or RSA keys instead.
Sophos XG Firewalls on SFOS v17 and above should use IKEv2 to further enhance security.