Found out so far, that mailmanager is broken:
In reply to talex:
With 9.509, I had no problem with the User Portal. With 9.510-5 on my lab UTM, when I login, my username and email address appear at the upper-right, but then it locks up and displays nothing more. A reboot and a restore did not help. Anyone else?
Cheers - Bob
In reply to BAlfson:
I can't confirm this, UserPortal is working fine as before.
But I have another issue, don't know if it's from this version, but my config:
I have the Sophos behind a NAT router in my testing environment and would like to establish an IPSEC/L2TP VPN with preshared key. If I do this in the UTM I can't connect. If I disable IPSEC in UTM and make 3 DNAT rules to a RAS server in my network, I can connect and IPSEC/L2TP works fine.
Can someone explain this to me?
In reply to Raven:
I performed the update to 9.510-4 remotely (on my UTM at home), everything seemed to be fine, no issues noted.
Today I updated to 9.510-5 remotely, and now the system is off-line and has been for well over an hour....
gonna have to look at this when I get back... :(
Different IPsec remote access servers have different levels of security. The UTM's L2TP/IPsec implementation doesn't have the ability to "sign" encrypted packets with the public IP on your router, so your L2TP/IPsec client rejects those packets.
It's been over 3 weeks now and the 9.510-4 update is not available through Up2Date yet. I'm just wondering if the update is being delayed or there is something wrong on my end, as I usually receive an email stating the firmware has been downloaded and is ready to be installed.
Still running 9.509-3
In reply to alan weir:
The latest is 9.510-5, available on the ftp site earlier this week. I'm still not recommending it. When I put it on my lab UTM, the User Portal was hosed, but no one else has reported that, so I may be headed for an install from scratch.
Ok then I'll just wait for the Up2Date firmware to be released.
Bob, have you tried deleting your browser cookies? There was a rash of complaints in this topic that Mail Manager was broken, but it appeared to have been resolved by resetting cookies, so I wonder if it would solve your problem as well.
I have not seen anything from Sophos indicating that they understand the Mail Manager problem and are addressing it. At least mail manager is used by a small pool of relatively sophisticated users. Because User Portal is offered to a large pool of relatively less sophisticated users, even a requirement to purge cookies is problematic. So I hope we will see another hotfix to bring us to 9.510-6.
9.510 has a fix to Country Blocking Exceptions which I am eager to use, but for the moment I am holding firm on 9.506 because of the reported problems with subsequent versions.
Just seen the first of my many UTMs notify me that this is now available....
In reply to Martin Hepworth:
Yesterday I updated my Sophos UTM HA environment to version 9.510-5. And yes, HA is working again as it should! In the past I had error messages regarding Pop3 proxy not running, ACC device Agent not running, HA selfcheck after doing a failover and a faultback. Now, after doing a failover or a faultback there are no more error messages.
9.510-5 just updated
In reply to StefanLoeser:
In reply to DouglasFoster:
Agreed, Douglas, my first solution was to open a different browser (Chrome), and that worked. Then, I tried to solve it by following this tip - Firefox: Delete cookies to remove the information websites have stored on your computer - no joy.
Edit 2018-08-15: Resolved - see my post below.
9.510-5 email appeared for me! Will wait 'till I get home with updating :)
Edit: nothing kaput yet
Changelog:
System will be rebooted
Configuration will be upgraded
Connected APs will perform firmware upgrade
Connected REDs will perform firmware upgrade
Fix [NUTM-8273]: [Basesystem] Inconsistent reporting data in hot standby environment
Fix [NUTM-9089]: [Basesystem] ulogd restarting randomly
Fix [NUTM-9423]: [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
Fix [NUTM-9516]: [Basesystem] CVE-2017-3145: BIND vulnerability
Fix [NUTM-9764]: [Basesystem] multiple NTP vulnerabilities
Fix [NUTM-9862]: [Basesystem] CVE-2018-8897: Don't use IST entry for #BP stack
Fix [NUTM-9944]: [Basesystem] 'ethtool -p' is not working for shared port
Fix [NUTM-9945]: [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
Fix [NUTM-10124]: [Email] TLS Errors - renegotiation not allowed
Fix [NUTM-9286]: [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
Fix [NUTM-9460]: [Email] Quarantine unscannable and encrypted content not working as expected
Fix [NUTM-9539]: [Email] SMTP callout with TLS does not work
Fix [NUTM-9627]: [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
Fix [NUTM-9771]: [Email] Redesign TFT detection to decrease false positives/negatives
Fix [NUTM-9836]: [Email] HSTS usage breaks Quarantine Report release link
Fix [NUTM-9789]: [Logging] Not able to archive logs using SMB share
Fix [NUTM-8969]: [Network] Inconsistent DHCP leases in WebAdmin
Fix [NUTM-9049]: [Network] Cannot change IPv4 interface as IPv6 gateway is required
Fix [NUTM-9194]: [Network] Static route switching to different VLAN
Fix [NUTM-9646]: [Network] eth0 is falsely marked "dead" when running "hs" on slave
Fix [NUTM-9739]: [Network] Network monitor restarting on slave nodes
Fix [NUTM-10118]: [Reporting] Authenticated Remote Code Execution in WebAdmin
Fix [NUTM-9607]: [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
Fix [NUTM-9624]: [Reporting] WAF - Top attackers won't be displayed after upgrade to v9.5
Fix [NUTM-9719]: [SUM] Web Protection service shown as down in SUM
Fix [NUTM-9547]: [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
Fix [NUTM-9527]: [WAF] Fix mod_url_hardening stack corruption
Fix [NUTM-8038]: [WebAdmin] WebAdmin not available
Fix [NUTM-9232]: [WebAdmin] Sometimes 'backend connection failed' while login
Fix [NUTM-9529]: [WebAdmin] Role with 'Web Protection Manager' rights can't access Application Control
Fix [NUTM-9689]: [WebAdmin] Report Auditor role is unable to open the dashboard
Fix [NUTM-5293]: [Web] Google is missed in the Search Engines reports
Fix [NUTM-6240]: [Web] FTP download through HTTP Proxy in standard mode not possible
Fix [NUTM-9039]: [Web] Connections may fail when using upstream proxies due to "Proxy-Connection" header being sent
Fix [NUTM-9399]: [Web] Classification for Windows Updates differs between AFC and conntrack
Fix [NUTM-9413]: [Web] Unable to upload certificate to "Local Verification CAs"
Fix [NUTM-9491]: [Web] HTTP Proxy coredumps with SIGABRT
Fix [NUTM-9549]: [Web] Proceeding after content warning results in display issues on redirected pages
Fix [NUTM-9599]: [Web] HTTP Proxy requests stuck without appropriate timeout
Fix [NUTM-9630]: [Web] Fallback log flooded with samlogon cache timeout messages
Fix [NUTM-9664]: [Web] Country blocking exception not working when HTTP Proxy is using SSO
Fix [NUTM-9720]: [Web] Can't proceed content warning for MIME types if URL contains spaces
Fix [NUTM-9745]: [Web] HTTP Proxy coredumps with SIGSEGV
Fix [NUTM-7628]: [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
Fix [NUTM-8946]: [Wireless] APs displayed as inactive in WebAdmin while clients can connect
Fix [NUTM-9591]: [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
Fix [NUTM-9592]: [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
Fix [NUTM-9594]: [Wireless] Incorrect channel information showing on overview for LocalWifi
Fix [NUTM-9608]: [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
Fix [NUTM-9638]: [Wireless] Both local WiFi AP named 'Local'
Fix [NUTM-9731]: [Wireless] Not able to configure channel 12 and 13 on newer desktop models
Fix [NUTM-9735]: [Wireless] Set default channel width to 40MHz for 5GHz band
Fix [NUTM-9737]: [Wireless] SGw appliances missing frequency definitions for Nigeria
RPM packages contained:
I'd never removed selected cookies with Firefox before, so I had skipped the final step. After I really removed them, everything works fine.