Hi XG Community!

We've finished SFOS v17.0.2 MR2. This release is available from within your device for all SFOS v17.0 MR1 installations as of now.

Besides that, the release is available to all SFOS versions via the MySophos portal.

Issues Resolved

  • NC-22609 [Access] Unable to import groups inside multiple OUs from AD
  • NC-19427 [API] Wrong date in validationError.log
  • NC-22394 [Authentication] User Portal login is logged as SSL VPN login
  • NC-22769 [Authentication] When importing from AD, the name of OUs which are inherited by multiple OUs and groups is not shown correctly
  • NC-23112 [Authentication] Authentication Agent - getting logged out automatically at random time
  • NC-19665 [Backup-Restore] Downloading backup creates Java exceptions
  • NC-21785 [Base System] Wizard UI Improvements
  • NC-22229 [Base System] SG115: pressing power off button does not shutdown appliance
  • NC-22574 [Base System] Control center misleadingly shows notification of new firmware availability for few minutes after firmware upgrade
  • NC-22631 [Base System] Typo in fwinstaller
  • NC-22688 [Base System, Certificates] Missing QuoVadis Root Certificate
  • NC-22771 [Base System] Export of 16.5 MR8 and import into v17.0 GA fails for configs without hostname
  • NC-22780 [Base System] Migration from CR to SF failed on CR500ia-10F appliance
  • NC-22911 [Base System] Blank screen is displayed when user synchronizes license after successful registration
  • NC-25573 [Base System] Users cannot activate license keys from SFOS
  • NC-22354 [Certificates] Passphrase box disappears after trying to upload a CA with private-key after upload fails
  • NC-22734 [Clientless Access] HTML5 VPN: keyboard input not working on Android devices
  • NC-22751 [Documentation] Japanese translation for LogViewer missing
  • NC-17413 [Firewall] Business rules created with device destined IP address can't be blocked with network rules
  • NC-20602 [Firewall] Incorrect validation for local acl and zone where HTTPS is disabled from current login zone
  • NC-21180 [Firewall] Add "Action" column to firewall rule grouping
  • NC-21897 [Firewall] Import/Export of firewall rule with dependent entity fails when a VLAN is configured on WAN
  • NC-22219 [Firewall] Issue with SNAT policy with multiple gateways
  • NC-22557 [Firewall] Service edit option not working in specific case
  • NC-22670 [Firewall] Unable to create RED interface
  • NC-22923 [Firewall] Hostset ERROR: XG stopped Responding
  • NC-22932 [Firewall] Export/Import fails for every entity after exporting Security Policy entity
  • NC-22946 [Firewall] Typo in SF API documentation for IP host object
  • NC-22958 [Firewall, SFM-SCFM] SFM Compatibility v17: DNAT rule cannot be updated in some combinations of forward type
  • NC-22982 [Firewall] Incorrect position of firewall rule name in Firefox
  • NC-22424 [Framework(UI)] Close notification button does not work properly
  • NC-22917 [Framework(UI)] Information icon does not show any info text in authentication page
  • NC-21856 [IPS] In AppFilter policy smart filter values are still displayed after removal
  • NC-22448 [IPS] Custom IPS signature not working for all keyword supported by snort
  • NC-22753 [IPS] Application filter is not updated when there is no application matching smart filter
  • NC-22834 [IPS] Application Filter Policy: All application is showing while editing through firewall rule with "selected individual application"
  • NC-22382 [IPsec] IPsec UI allow to configure incompatible policy resulting in a silent DPD action change in the backend
  • NC-22383 [IPsec] Typo in IPsec policy list: 'Action on Active Peer'
  • NC-22489 [IPsec] Incorrect IP routes added for local VPN traffic in case of NAT over IPsec
  • NC-22502 [IPsec] IPsec PSK secrets files do not contain local VPN IP
  • NC-22620 [IPsec] DGD can not be disabled
  • NC-22622 [IPsec] 'Remote ID' value shows blank on UI for IPSEC connection when external cert is used
  • NC-22633 [IPsec] Activate on save tries to connect to respond only connections
  • NC-22793 [IPsec] Cisco VPN connection with cert auth not working on iOS using config from userportal
  • NC-22888 [IPsec] IPsec S2S tunnel with PSK and local/remote ids not working
  • NC-22892 [IPsec] Aggressive mode IPsec policies are not filtered correctly in UI
  • NC-22900 [IPsec] Cannot create 2 IPsec RSA connections with same local id to different remote gateways
  • NC-22914 [IPsec] Connection status for DGD IPsec connections is not shown correctly
  • NC-23035 [IPsec] DGD table locked - postgres has returned errcode 25P02
  • NC-23125 [IPsec] "Randomize Re-Keying Margin by" - When setting the value to 0%, UI displays 100% after saving the policy
  • NC-23186 [IPsec] IPsec status not displayed when too many SAs are established
  • NC-22549 [Logging] Sandstorm logo displayed in RED for reason "eligible","pending" & "Cloud Malicious"
  • NC-22745 [Logging] Port and protocol information are missing in LogViewer standard view and filter
  • NC-15612 [Mail Proxy] Update DLP engine and CCL data
  • NC-19881 [Mail Proxy] Whitelist and blacklist for e-mail/domains in WebAdmin
  • NC-21366 [Mail Proxy] Spam e-mails pass due to error " X-CTCH-Error: Unable to connect local ctasd"
  • NC-21437 [Mail Proxy] Mail addresses with "systems" or "solutions" as top level domain cannot be added in address groups
  • NC-21671 [Mail Proxy] Message is not displayed properly in LogViewer
  • NC-21891 [Mail Proxy] Spam headers displayed in e-mail when sent through reply portal
  • NC-22271 [Mail Proxy] Issues with mails in spool marked with a firewall ID
  • NC-22921 [Mail Proxy] Email flow is affected for recipients using TLS1.0
  • NC-25332 [Mail Proxy] awarrenmta service segfaults when IP reputation is enabled
  • NC-22504 [Network Services] Unable to assign two static IP mappings for the same host in different DHCP scopes
  • NC-22163 [Networking] OSPF Neighbors not updated on changing multicast group limit
  • NC-22539 [Networking] Fail to add vlan when specific DHCP server configuration migrated
  • NC-22662 [Networking] Unable to make changes in WAN Link Manager for an interface with /31 subnet
  • NC-21952 [RED] Site-to-Site RED tunnel between XG and UTM does not pass traffic with hardware acceleration enabled
  • NC-22433 [RED] Generating certificates fails when long company name is used
  • NC-22174 [Reporting] Missing size verification on custom logo for on-box reporting
  • NC-22819 [Reporting] Application reports stop working after enabling Sync App Control
  • NC-22853 [Reporting] Drill down is not working in mail report when "Mail Count" is selected as sortby
  • NC-22868 [Reporting] Font style mismatch
  • NC-22364 [SecurityHeartbeat] EP_Certificates table not available error
  • NC-22778 [SecurityHeartbeat] Heartbeat registration fails with appliance in HA
  • NC-22151 [SSLVPN] When using special character in Appliance Certificate, SSL VPN connection fails
  • NC-22116 [Synchronized App Control] Last occurrence time of applications in SAC is not consistent between HA nodes
  • NC-22384 [Synchronized App Control] After de-registration of Heartbeat enhancedappctrl service is still running
  • NC-22440 [Synchronized App Control] Sort list of categories in SAC customize menu
  • NC-22766 [Synchronized App Control] Path of a customized app is shortened in SAC customize popup when app path contains slashes
  • NC-22768 [Synchronized App Control] Uncategorized category is shown twice in the SAC customize popup
  • NC-22813 [Synchronized App Control] Fixed height for SAC data table
  • NC-22824 [Synchronized App Control] EP name with special character is not displayed correctly for macOS in SAC list
  • NC-22962 [Synchronized App Control] Show category in SAC app list
  • NC-22544 [UI] Incorrect start time displayed in Live Users list
  • NC-22576 [UI] Disclaimer message is shown without line breaks
  • NC-25275 [UI] Internet usage time displayed "NaN:NaN" value in Live Users list
  • NC-22319 [WAF] "Edit Reverse Authentication" dialog contains untranslatable strings
  • NC-22521 [WAF] Leftover of shm files cause a WAF restart loop
  • NC-21534 [Web] Certificate error on accessing sites with https scanning enabled
  • NC-21930 [Web] Incorrect Error message on Captive Portal when the user exceeds the number of simultaneous logins
  • NC-22023 [Web] Word list files with non-UTF8 or whitespace-only should not be uploaded successfully
  • NC-22124 [Web] Web Policy rule is converted to "AllWebTraffic" when adding more than one backslash character in the rule
  • NC-22125 [Web] When maximum limit is reached, web exceptions cannot be updated anymore
  • NC-22403 [Web] Certificate Error while accessing Outlook with direct proxy
  • NC-22653 [Web] Policy Tester does not display backslash in policy name correctly
  • NC-22721 [Web] AVD dies unpredictably when it runs out of memory
  • NC-22800 [Web] AVD stability fixes
  • NC-22930 [Web] Server side rbuf not reset for reused request
  • NC-22954 [Web] Access to Custom Captive Portal does not work
  • NC-23156 [Web] Not able to access any websites due to malformed ATP data update
  • NC-23163 [Web] Font color for Initial Setup Wizard changes
  • NC-12089 [Wireless] Unable to edit alias of "GuestAP" interface
  • NC-19166 [Wireless] SSID disappears randomly with Dynamic Channel Selection
  • NC-20761 [Wireless] Wireless Client List shows wrong IP address after network change
  • NC-21369 [Wireless] VLAN and non VLAN SSIDs can't be selected at the same time for RED15w
  • NC-22358 [Wireless] SSID is not broadcasted from time to time
  • NC-22852 [Wireless] Wireless network interface status states being unplugged

Downloads

You can find the firmware for your appliance in the MySophos portal.

  • This update killed our DHCP. v17.0.2 can't deal with dhcp relay. Going back to 16.05.7 MR-7 restores this functionality.

  • If you haven't yet, please upgrade to SFOS v17 MR-3 that was released today. It includes a fix for NC-25584 [IPsec] IPsec tunnel frequently gets disconnected after migration to v17.

    For release notes: community.sophos.com/.../sfos-17-0-3-mr3-released

    Thanks,

    Karlos

  • DHCP relaying doesn't work anymore at one of our customers. Does anyone have the same problem?

  • I'm monitoring this chat as I had just procured 2 of the XG 310. I had planned on migrating our SonicWall over to the XG 310 with MR2, but now have some hesitations.

    Is anyone else having major problems that impact firewall/email flow? Should I stick with MR1?

  • Hi, I am with you on this one. It is the first time that I have handled a product wherein there is a firmware update to fix a very common issue. Then as per the release notes, you upgrade your device, then after the upgrade, it is still a 50-50 chance that your issue is fixed and then you realize that another issue arises after the upgrade. I have never been in this situation on one particular product where I have to upgrade to fix a current issue only to downgrade because not only did it not fix the issue but it also broke another thing. Of course, I understand that it is not always a black and white situation. But I have handled a whole range of products for a long time and again I never had this kind of problem where the cause lies within the product itself.