SFOS 16.05.6 MR6 Released

Hi XG Community!

We've finished SFOS v16.05.6 MR6. This release is available from within your device for all SFOS v16.05 installations as of now and will increase the group in a few days.

The release is available to all SFOS versions via the MySophos portal.

Issues Resolved

  • NC-19003 [API] Can't change user portal password after language changed
  • NC-18871 [AVD, Web] AVD can coredump when reloading signatures
  • NC-18176 [AVD] AVD randomly returns errors for clean files
  • NC-19017 [AVD] Update pattern failed for Sophos AV
  • NC-16764 [Authentication] Users ipset isn't cleaned up correctly when an STAS user signs out
  • NC-18363 [Authentication] [SATC] do not try to block terminal server ip if wrong AD backend server is configured
  • NC-6413 [Base System, Networking] Traffic initiated from alias interface is redirected through different interface
  • NC-17464 [Base System] Garner sent bytes field in http record needs to be 64bits not 32
  • NC-17810 [Base System] Race condition in adding timer due to timezone change
  • NC-18964 [Base System] Mismatch in time: ahead by one hour in reports and SSH when NTP is used
  • NC-17371 [Firewall] "Log firewall traffic" resets after updating any service from hotspots page
  • NC-18482 [Firewall] Segmentation Fault in Garner due to feedback channel output plugin
  • NC-18646 [Firewall] Opening master connection ID link from connection list page sometimes hangs
  • NC-18948 [Firewall] Unable login to user portal after upgrade from 16.05.MR3 to 16.05.MR4
  • NC-19073 [Firewall] Websites are not accessible due to DNS issue
  • NC-19437 [Firewall] SQL Injection: Ping / Guest user name change
  • NC-18574 [Framework(UI)] Maximum number of connections exceeded - UI not accessible sometimes
  • NC-17811 [HA] Mark irrelevant firewall policy for incoming WAF traffic in HA
  • NC-18961 [HA] HA A-A mode, traffic doesn't pass from aux while interface is in bridge/LAG mode
  • NC-19063 [Hotspot] Hotspot configuration not synchronize after enable HA
  • NC-15733 [IPS] ALG helper not working for protocol H.323
  • NC-19096 [IPS] IPS/ATP slowing or blocking the connection
  • NC-19328 [IPS] Detect UTF encoding even when charset in "HTTP response header" and "Byte Order Mark" are missing
  • NC-18869 [Mail Proxy] SF failing PCI compliance on port 25 due to MTA mode responding to RC4 ciphers
  • NC-19095 [Mail Proxy] Email banner is added to both incoming and outgoing emails
  • NC-19399 [Mail Proxy] Error "Too many files open"
  • NC-19649 [Mail Proxy] Firewall rule marked when internal mail transaction started with MTA
  • NC-6130 [Mail Proxy] Fallback DNS for MX
  • NC-19296 [Networking] USB Modem not detected with recommended setting
  • NC-15472 [Reporting] Report SMTPs traffic when using secure communication over port 25
  • NC-19268 [Reporting] Missing DB connection close treatment
  • NC-19442 [Reporting] In Chinese language Report => Manual purge => Month detail not available
  • NC-19974 [Reporting] Report Groups are not displaying for Custom View and Report Scheduling
  • NC-19614 [SSLVPN] OpenVPN vulnerabilities
  • NC-1437 [UI] Newly added protected server is not shown in listing while configuring public non-http policy
  • NC-18909 [WAF] Fix HTTPS redirection in case of missing host header
  • NC-18902 [Web] Updating any used port in web proxy listening port does not display an error message
  • NC-19942 [Web] NTLM channel bind failed with AD server
  • NC-19981 [Web] Samba resolves DC without DNS
  • NC-18702 [Wireless] Split traffic not working on wireless network assigned to RED15w inbuilt AP
  • NC-18913 [Wireless] Not able to reach split networks from RED15w wireless network in case of transparent/split tunnel
  • NC-19060 [Wireless] RED15w inbuilt AP doesn't come up after network change
  • NC-19157 [Wireless] Cannot enable debug mode on hostapd


You can find the firmware for your appliance in the MySophos portal.

  • No troubles on upgrade, now we're gonna see how it goes.

  • 1st day in and things are not so good on this release. I'm particularly having issues with regards to authentication - STAS or NTLM. Erratic results and STAS just seems to blow up on occasion as if its database has suddenly collapsed. Not happy and I'm considering reverting back to the former release.

  • Sorry, the previous comment was left by myself. Wrong account! So yeah, not quite so happy. It seems authentication is just not working with regards to user based firewall rules. I have had to put in a catch all rule to allow access because they just aren't hitting the specified rules. The funny thing is that they were using STAS, albeit for a short time. Now I've reverted authentication back to NTLM, I've seen some really weird stuff going on but essentially, users' auth is not being applied at the firewall rule level.

  • Did anyone have trouble with STAS post upgrade? Mine's a bit broken.

  • Can you give us more details about "NC-19614 [SSLVPN] OpenVPN vulnerabilities"? Which ones are covered? Thanks

  • Hello everyone,

    I am brand new to Sophos XG and this was my first update. After the update I am having trouble producing PDF reports. It would be great if someone can push me in the correct direction to fix this on my system. (XG 115W, and client iMac with Safari - but the problem exists also on Windows and different browsers)

    Best regards


  • Issue with multiple quarantine digest mails is solved. I noticed it, but it was not noted in the list. Thanx anyway.

    Any idea when the feature to set the hostname in the quarantine digest report will be added?

  • +1 > [give us more details about "NC-19614 [SSLVPN] OpenVPN vulnerabilities"?]

  • After upgrade STAS authentication stopped working. Users are present on STAS agents but not synchronized to UTM. Moreover, users aren't authenticated even if they put in their credentials. Reverted to previous version. Very annoying.

  • For those who are having issues with STAS, please post here:



  • Since updating last night, all emails with docx, xlsx attachments are being filtered out. Very frustrating, why doesn't the email filtering work as nicely as the UTM product?

  • Something is wrong with logs in this version, or the engines are different, but we found that all IPS logs were not showing after updating until we opened a case with support to fix it. The records still look different; they found that records are blocked through the console but not showing inside logs through the appliance web console.

  • As far as I can see, "NC-19614 [SSLVPN] OpenVPN vulnerabilities" backports fixes for CVE-2017-7521, CVE-2017-7520, CVE-2017-7508, CVE-2017-7522

  • I upgraded today my XG Cluster. I'm not using STAS so I can't say anything about that, but it's frustrating seeing that the DHCP Relay issue is not solved. I had to manually re-create my DHCP Relay config.

    I'm still convinced that XG is a quantum leap back compared to its poor old brother-in-law, the UTM platform.