Hi XG Community!
We now have SFOS v17.1.0 GA available. Here's everything you need to know.
Right now, the release is available as manual upgrade to all SFOS versions via MySophos portal.
Please see the following KBA - Sophos Firewall: How to upgrade the firmware: KBA 123285
On-the-box upgrade (new firmware available pop-up & Check for new Firmware) will be made available a little later. Also, On-the-box upgrade will be released in a staged manner i.e. increasing the staged count incrementally over time.
Check out all the enhancements in XG Firewall v17.1 including the new Cloud Application Visibility feature in our XG Firewall v17.1 demo video.
You can find the PDF of what's new here: Sophos XG Firewall v17.1 Whats New.pdf.
In case you are managing your Firewalls using SFM/CFM, Firewalls running SFOS 17.1 GA won’t accept application filter rules when applied from a device group or template. You can manage application rules from the device-level view in SFM/CFM until this limitation is addressed in SFOS 17.1 MR-1.
To manually install the upgrade, you can find the firmware for your appliance at MySophos portal. Please see the following KBA - Sophos Firewall: How to upgrade the firmware: KBA 123285.
Please note that v17.1 is not yet available for XG 85(w) devices. We expect to have support for the XG 85(w) in the next release. Thank you for your patience.
Will there also be an update for SF210? (XG105)
I can only download firmware for SF300 (XG210 & XG135) from MySophos portal.
No problem with new version installing on our XG210 and XG210HA
No update for XG 105 rev.2
@SGH, @Tech Centio, we faced some issues on lower end appliances which is under investigation. For the time beeing, we only serve the SF300 firmware upgrade.
talex v17.1 has been withdrawn for SF110/SF220. Can you describe the problems with SF110/SF200 in more detail? We have about 20 XG85 with v17.1 running.
Cannot establish an SSL VPN connection due to TLS failure
We ran fine for a week on 17.1 and now appears we've run back into ipsec bugs. We had a tunnel go down on its own this morning and now all we see is "parsing IKE message from <ip address> failed". No changes on either end. Interesting thing is that we had this issue on other tunnels in previous versions of XG, but it's a new issue on this specific tunnel.
After upgrading this firmware, The MAC filtering rule is not working.
SSL VPN stop to work with error ssl3_get_record:descryption : failed or bad record mac
What about XG 105? Above it says not released to XG 85, but no download or updating from console for XG 105?
Why is 17.1 not available for XG105 devices, or any of the CR devices?
Your release notes say it's not available for XG85 but does not mention these other ones?