Sophos Wireless Update 2.0.0-8
(Staged release will start from July 27th - multiple regions)
Sophos Wireless provides a simple, effective way to manage and secure your wireless networks. When using our Security Heartbeat™ enabled APX Series access points, you can monitor the health status of any Sophos Central managed endpoint or mobile device and so automatically restrict web access on trusted Wi-Fi networks to prevent lateral movement. This, combined with our enhanced rogue AP detection, gives you superior visibility to help discover threats at the earliest possible moment.
Sophos Wireless is easy to set up and deploys as part of your Sophos Central portfolio of cloud-managed security solutions.
The v2.0.0-8 release of Sophos Wireless adds some exciting new features and enhancements to the existing features.
APX Series Access Points (Next-generation indoor access points):
- Three new 802.11ac Wave 2 access points
  - APX 320 – 2x2 MIMO with dual 5 GHz capability for high-density environments with medium performance clients, e.g. schools
  - APX 530 – 3x3 MIMO for medium density environments with high-performance clients connecting
  - APX 740 – 4x4 MIMO for high density, high capacity environments
- Improved overall performance and throughput at load
- Security Heartbeat enabled to support synchronized security with Endpoint and Mobile in Sophos Central
Synchronized Security with Endpoint and Mobile*
- Monitor the health status of Sophos Central managed endpoint and mobile devices using Security Heartbeat™ functionality
- Automatically restrict web access for clients with a red heartbeat on trusted Wi-Fi networks and so prevent lateral movement
- A warning will be issued for a yellow heartbeat but no access restrictions applied
- Discover unknown devices connected to your Wi-Fi network and those with a missing heartbeat
Image: Synchronized Security is enabled by SSID
Enhanced Rogue AP Detection
- Identifies and automatically classifies neighboring Wi-Fi networks, according to their threat level
- Use the new on-demand scan function to get the latest threat data, with full visibility directly from the dashboard
Image: The dashboard now has an overview of neighbouring networks under the Threats tab
Other Enhancements
- Bulk provisioning. Register up to 30 APs in a single step by uploading a comma-separated (CSV) file
- The improved dashboard provides visibility into Threats and Security Heartbeat-enabled mobile and endpoint devices
- There were several critical issues fixed in this particular version.
- Search capabilities on Wireless client page
Image: Security Heartbeat tab on the dashboard showing a device at risk (red heartbeat)
Image: Security Heartbeat tab on the dashboard showing a device with a 'missing heartbeat' (indicates the device previously had a heartbeat)
Image: The client overview allows you to filter the view by Security Heartbeat enabled devices
Open/Known issues in the v2.0 release (will be fixed in a subsequent major release or MR):
| Issue key | Summary |
| --- | --- |
| CWIFI-9228 | Generate new password will send email twice to the configured address with the same info |
| CWIFI-7643 | Captive portal will not work with the combination of Guest network and VLAN |
| CWIFI-9216 | Client Vendor filter not working as expected when more than 8 characters are used to filter |
| CWIFI-9080 | Clients are unable to access the internet when static vlan is changed in Guest NAT SSID |
| CWIFI-8958 | AP Name and Serial Number Overlap on Access Points Page when AP's name is longer. |
| CWIFI-8821 | Apply Button does not work for Voucher End Duration Configuration |
| CWIFI-9101 | SSID(Network) information is not properly displayed for about 5 minutes under clients page |
| CWIFI-9198 | If the MacOS has Mobile SMC and Endpoint, the status keep toggling if one of them has RED status |
| CWIFI-9048 | Sync Security with Dynamic VLAN configurable when we use WPA2-Enterprise as the Encryption Mode |
| CWIFI-8657 | Discrepancy between APX320 and APX530/740 in LED behavior during hard reset |
| CWIFI-7336 | DHCP client on the AP needs to be restarted if the AP is not reachable to the gateway |
| CWIFI-7301 | Duplicate SSID name should not be allowed |
| CWIFI-8914 | APX320 reboots after band change of radio-0 from 2.4 to 5Ghz and vice versa |
| CWIFI-7591 | Users must re-enter Captive Portal password after roaming event |
List of issues fixed between v1.16 and v2.0.0-8.
| Issue key | Summary |
| --- | --- |
| CWIFI-9243 | APs not loading and existing SSIDs not editable or cannot create new one when channel list is sent as empty |
| CWIFI-9235 | Deregistering AP/APX does not wipe out config |
| CWIFI-9223 | Splash Page orientation does not work correctly for iOS devices |
| CWIFI-9222 | No beacon is seen after removing non-root AP |
| CWIFI-9206 | The health status text on Dashboard and client page is different |
| CWIFI-9202 | 'diagd' not working on Signed APX320 |
| CWIFI-9200 | If band steering is enabled, the newly added allowed Mac list is overriding the existing list instead of appending it |
| CWIFI-9197 | Cleanup log messages in Synchronized Security |
| CWIFI-9195 | If multiple SSIDs are assigned to the AP from Access Point page, the UI throws both Success and Failure error |
| CWIFI-9185 | idle time not updating for APX530 |
| CWIFI-9175 | For AP15C Radio Channel Configs(like width & Auto channel) is not working as expected |
| CWIFI-9169 | Partner reporting duplicate open and secured SSIDs on all APs after upgrade to 1.16 |
| CWIFI-9142 | Hostnames from clients are intermixed |
| CWIFI-9104 | The checkbox for Heartbeat filter shows wrong data when feature is disabled |
| CWIFI-9095 | Iptables rules for Endpoint magic IP doesn't get installed after reboot |
| CWIFI-9094 | Unknown fingerprint error when Endpoint connects to Sync Security SSID |
| CWIFI-9089 | BSSID_IMPERSONATE and EVIL_TWIN classification functionality in Rogue AP is not working |
| CWIFI-9087 | Threat dashboard is not as same as the one under the sites |
| CWIFI-9086 | AP workload status is not shown for BLR Dogfooding APs even though many clients connected to it |
| CWIFI-9071 | The checkbox for filtering the Heartbeat enabled client should not show unmanaged client |
| CWIFI-9070 | In Alert Description HTML Anchor tag code is showing in Wireless Alert Page |
| CWIFI-9055 | AP100: "Unhandled kernel unaligned access" observed while config (3 ssid with open/wpa2-psk/wpa2-eap) pushed from cloud & AP is already with two clients and TCP data is going between them before the config push |
| CWIFI-9053 | UI Review Feedback: Before v2.0 |
| CWIFI-9009 | SMC App not able to communicate with cloud and resolve the related hostname resulting in failed synchronization |
| CWIFI-9008 | Bulk Provisioning - CSV upload is failing on Windows OS |
| CWIFI-9003 | Change in Health Status of clients not getting updated in cloud sometimes |
| CWIFI-8993 | APX320 continuously rebooting when the band changed from 2.4GHz to 5GHz on Radio0 and vice versa |
| CWIFI-8992 | Slider control for scheduling settings for network availability is not working |
| CWIFI-8990 | APX320: Need a message for user to disable allow mesh for one of the radio |
| CWIFI-8981 | Existing SSIDs are not pushed to AP if assigned from SSID page in QA environment |
| CWIFI-8980 | Images are not loading at "Register Access Point Model" |
| CWIFI-8978 | APX320: client connected to mesh AP could not browse internet if ssid configured 2.4Ghz & 5 Ghz radio and guest-NAT |
| CWIFI-8965 | Ceiling value of Usage insight graph is not correct |
| CWIFI-8964 | The inline help for Yellow status of Sync Security in SSID page should be in Yellow similar to other status |
| CWIFI-8954 | Retry button appears for Registered AP |
| CWIFI-8953 | Stale/Already Registered AP Entries displayed on On-boarding Wizard |
| CWIFI-8952 | Info on Bulk Provision Button is wrong. |
| CWIFI-8951 | Upload CSV option is not disabled when registration is in progress |
| CWIFI-8950 | Bulk Edit Hostname Page does not Auto Close |
| CWIFI-8949 | The casing of the Health status in the client page needs to be corrected |
| CWIFI-8941 | [ALPHA_IMAGE] Firmware version is coming as hash code for APX model |
| CWIFI-8940 | [ALPHA_IMAGE] Radio 0 is not working as expected on 5GHz in APX320 |
| CWIFI-8939 | APX: Mesh config is not shown in /etc/config/wireless |
| CWIFI-8937 | The data on the clients page and the Sync Sec Dashboard are not in sync |
| CWIFI-8926 | Health status should have some text instead of Red/Green/Yellow in the client statistics |
| CWIFI-8924 | Not able to assign Sync Security SSID to the Access Point |
| CWIFI-8923 | Floor Plan Upload is getting Stuck |
| CWIFI-8922 | UI shows AP state "Updating" continuously |
| CWIFI-8921 | UI inline help for Sync Sec should have Wireless instead of firewall and it has to be in bold like endpoint text |
| CWIFI-8913 | SSID is not broadcasted on AP when user configures 32 Byte characters SSID |
| CWIFI-8822 | APX740: Failed to upgrade from MP2.0 build (FW version 2.0.2.0-1) to v2.0.0-1 using production cloud |
| CWIFI-8821 | Apply Button Does not work for Voucher End Duration Configuration |
| CWIFI-8802 | Change default wifi logging URL |
| CWIFI-8798 | synchronous_sec process does not restart by itself when killed |
| CWIFI-8791 | Change the filter label from "all" to "Show All Networks" |
| CWIFI-8790 | Change the label from Neighbour SSID to Neighborhood Networks |
| CWIFI-8789 | The "details" link in the Threat Dashboard leads to AP page instead of sites |
| CWIFI-8788 | Rogue classifications color needs to be changed |
| CWIFI-8787 | The option to upload of csv file is not aligned with the mockup |
| CWIFI-8786 | Bulk upload label should not be in the all upper case |
| CWIFI-8763 | Partner reporting duplicate open and secured SSIDs on all APs after upgrade to 1.16 |
| CWIFI-8761 | sophosxl.[com\|net], sophosupd.[com\|net] and mojave.net domains blocked while device is in Non-Compliant State |
| CWIFI-8750 | Channel is not listed correctly in cloud after RADAR trigger |
| CWIFI-8742 | uhttpd process is not running and hence not able to redirect |
| CWIFI-8740 | Clients are not getting IP address when a static vlan is removed from SSID config |
| CWIFI-8739 | Sometimes the status doesn't change from Green to Red unless user reconnects the wifi |
| CWIFI-8738 | The AP should whitelist the smc connection when it becomes uncomplaint |
| CWIFI-8735 | On-boarding wizard does not open when a new user clicks on wireless in popup screen |
| CWIFI-8734 | Warning message not seen when user selects the 40Mhz option for 2.4Ghz. |
| CWIFI-8726 | Threat tab works only when user click the "Threat" text unlike AP tab |
| CWIFI-8725 | Keep BSSID in upper case in custom classification dropdown |
| CWIFI-8720 | Threats Dashboard data and sites data are not in sync |
| CWIFI-8716 | Sometimes the APX320 beacons in 5Ghz & 5Ghz mode just after registration even though config is in 2.4Ghz |
| CWIFI-8714 | The APX320 is not reporting the neighbourhood SSIDs when both radios are in 5Ghz |
| CWIFI-8710 | APX530: Mesh network is not getting formed on both radios 2.4/5G |
| CWIFI-8678 | Sanctioned should be displayed as green and unsanctioned as blue |
| CWIFI-8676 | Since there is no "show all" filter, user cannot see all Neighborhood networks |
| CWIFI-8653 | Cosmetic Changes Needed |
| CWIFI-8651 | Hostname and SSID Column Overlap on Summary Page |
| CWIFI-8650 | AP and Hostname not getting displayed on Summary Page |
| CWIFI-8645 | Incorrect Registration Status |
| CWIFI-8644 | Register Button Does not work as Expected At Times |
| CWIFI-8635 | APX530: Eth1 link details speed/duplex are shown incorrect |
| CWIFI-8634 | Clients are not getting IP address when a static vlan SSID is edited with Guest NAT. |
| CWIFI-8633 | Unable to configure the band to 5GHz until we disable the "allow mesh" in APX320 |
| CWIFI-8602 | UI shows same channel options for both 5GHz radios in APX320 |
| CWIFI-8601 | The TA was not able to find the build 1.16 |
| CWIFI-8573 | APX:Captive portal with backend authentication is not working |
| CWIFI-8568 | APX530: Kernel Panic with modules linked "pcf ipt_MASQUERADE ip_set_hash_ip xt_mac xt_set" |
| CWIFI-8564 | APU is not working for APX models |
| CWIFI-8518 | APX530: Continuos kernel panic after the system idle for 2 days |
| CWIFI-8496 | APX320 : Not able to set wifi0 to 5 GHZ |
| CWIFI-8484 | Usage insight feature is not working on APX platforms |
| CWIFI-8478 | APX530: udp uplink data rate is quite less |
| CWIFI-8421 | Sometimes search by hostname doesn't work |
| CWIFI-8381 | Finish WifiConfiguration migration (Remove dead code) |
| CWIFI-8364 | change band support of APX320 for MP1.2 |
| CWIFI-8351 | Captive Portal redirection page is not loading CSS |
| CWIFI-8342 | Hitting the back button on the browser doesn't work from Sites Tab. |
| CWIFI-8307 | UI allows to create invalid vouchers |
| CWIFI-8303 | "Other" categorisation in Usage Insights are always shown as "Other (1)" |
| CWIFI-8300 | Client details are not updated in cloud (prod/dev/qa) account |
| CWIFI-8281 | DNS and Radio Statistics Data (Unnecessary DB inserts) |
| CWIFI-8280 | Create job to delete the older records from wireless_scan_networks |
| CWIFI-8253 | Multicast to Unicast conversion is not happening in 2.4Ghz for Static VLAN |
| CWIFI-8250 | "Band" is half shown in the client statistics page |
| CWIFI-7965 | UI: Client isolation/Hidden ssid is not allowing to enable when captive portal & static vlan is configured in SSID |