Hi XG Community!
We've released SFOS v17.5.4 MR4 for the Sophos XG Firewall. Initially, the firmware will be available by manual download from your MySophos account. We then make the firmware available via auto-update to a number of customers, which will increase over time.
Update: Due to an issue in IPSec in combination with Sophos Connect, we had to replace the initial SF 17.5 MR4 (126.96.36.1999) with SF 17.5 MR4-1 (188.8.131.529). The new firmware is available for download from your MySophos account.
Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.
NC-28883 [Authentication] Able to change group membership of backend users when authserver doesn't exist anymore
NC-38834 [Authentication] access_server service getting restarted due to heartbeat found dead
NC-39735 [Authentication] User under an OU falls under OPEN GROUP upon authentication
NC-40072 [Authentication] Not able to delete surfing quota profile, delete opcode search for accesspolicyid instead of surfingquotapolicyid
NC-40945 [Authentication] Failed and successful Logins at the same time
NC-42329 [Authentication] Unable to upgrade from v17.1 MR4 to v17.5 GA
NC-34479 [CSC] Virtual XG randomly rebooting - snort using up all swap
NC-39990 [DHCP] When statically assigning an IP to a device on multiple DHCP scopes, the gateway settings are pulled from the first one
NC-34039 [Email] Websites are blocked by Sophos AV because of reason "Malware"
NC-38555 [Email] File Protection can't block MIME type doc
NC-38840 [Email] Unable to delete a particular email which was quarantined
NC-40071 [Email] GUI option for offline relate on/off for inbound mails
NC-40131 [Email] Mail downloaded from error queue doesn't get displayed properly in mail client
NC-40364 [Email] Personal email exception manipulation by other authenticated users
NC-40389 [Email] Mails released from spool get an incorrect firewall rule ID
NC-40666 [Email] Coredump in mailscanner
NC-41061 [Email] SPX encryption leads to "carriage return and line feed" in attachments
NC-41574 [Email] SPF should get applied on inbound mail sent from protected domain to protected domain from internet
NC-41862 [Email] Mail log on GUI does not show delivered mails
NC-42409 [Email] Bounce back mail due to recipients having MX records which point directly to an IP
NC-43353 [Email] smtpd behavior is different from 17.1 to 17.5 (without subscription)
NC-43703 [Email] Warren service unable to load EC type CA certificate.
NC-35350 [Firewall] PPPoE interface status remains in status "Connecting" for 2 hours
NC-39522 [Firewall] Network protection options in setup wizard of XG are misleading
NC-39605 [Firewall] Modifying one time schedules fails, if timer has already triggered
NC-39907 [Firewall] API command to enable SpoofProtection is not working
NC-40176 [Firewall] Firewall rule is listed in business application rule destination network objects
NC-40622 [Firewall] Incomplete MAC address shown in Log Viewer
NC-41316 [Firewall] Update country host DB
NC-41389 [Firewall] HA - system doesn't send out garp upon failover
NC-41632 [Firewall] Business Rule - port translation not working as expected
NC-41652 [Firewall] Unable to delete vlan interface - "Interface could not be deleted"
NC-42342 [Firewall] One time timers are executed before expected time
NC-39813 [FQDN] Unable to use underscore in FQDN host creation
NC-37771 [Hotspot] Duplicate vouchers in export files
NC-38004 [Hotspot] Hotspot password of the day is not getting reflected into run time config
NC-38120 [IPsec] L2TP over IPsec is sending keepalives forever
NC-38746 [IPsec] S2S connection is not initiated after DHCPv6 interface update
NC-39267 [IPsec] IE11: cannot create and update IPsec policy
NC-41299 [IPsec] IPsec SA is updated with incorrect SA information
NC-42099 [IPsec] Sophos Connect Client cannot connect to Sophos Connect Client policy using digital certificates
NC-42290 [Licensing] Additional CPU cores not detected in v17.5 after license upgrade (NC-26328)
NC-40282 [Logging Framework] High CPU usage from garner / active.db grows continuously
NC-34323 [RED] HA active-active routing issue over RED S2S tunnel
NC-42159 [RED] Validation of provisioning file failed
NC-40444 [RED_Firmware] Tunnel compression does not work
NC-38899 [Reporting] Scheduled custom mail reports received via email does not show the mail size
NC-40303 [Reporting] Log Viewer is not loading new logs after screen unlock
NC-40983 [Reporting] Follow-up for NC-26459: Reports for "Traffic Insight" not shown on dashboard
NC-41788 [Reporting] Unable to upload custom logo
NC-41232 [SecurityHeartbeat] Heartbeat status on XG showing "at risk" instead of "green"
NC-36776 [Synchronized App Control] New Apps number doesn't match the displayed list entries
NC-37423 [Synchronized App Control] SAC Tab fails to load for high number of EPs and APPs
NC-37815 [UI Framework] Guest User expiration is not correctly ordered
NC-40158 [WAF] Disable TLS session tickets
NC-34088 [Web] Application control shows blocked applications when they are not blocked
NC-38892 [Web] Inappropriate description in web category for "Society & Culture"
NC-39517 [Web] Webfilter memory usage is growing over time and not going down
NC-39817 [Web] Application filtering using "Smart Filter" filter disappear randomly
NC-40265 [Web] Unable to run web policy test for generic top level domains
NC-40503 [Web] Web filter policies not getting updated after CR to SFOS migration
NC-42264 [Web] Garner on Aux node dead after upgrade to v17.5
NC-43056 [Web] Policy tester activities shows junk characters in result with file download is blocked
NC-38368 [Wireless] APs randomly going to INACTIVE STATE
NC-38868 [Wireless] Time based scan with DCS is not showing after configuration for 5.0 GHz
NC-39840 [Wireless] Wireless interface going to UNPLUGGED STATE
NC-39986 [Wireless] 5 GHz band is not available in AP setting while country set to Qatar
NC-40091 [Wireless] Disable TCP Segmentation Offload for separate zone interface
NC-38085 [WWAN] Unable to detect 4G USB Modem D-Link DWM-222 A1 on XG 125 and XG 85 with HW Rev.3
To manually install the upgrade, you can download the firmware from the MySophos portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.
Installed on XG450, XG230, Software XG, Azure XG, Lab XG(VMware) and HyperV XG.
Still waiting for feature to have hostname in quarantine reports and not IP WAN address....
Any news when this will be implemented? From v16 and up it's promised every time.
Installed on XG105 and XG210. Backups are being forced to have a password. I would have preferred an "opt-out" button.
Next to a checkmark in XG, what exactly does this provide? :
Improved and expanded firewall notification via email.
Note to self: RTFM:
Select Email alert to receive email notifications for the following events:
Sign-in failed for web admin console, SSH, or CLI console
Advanced threat protection alert or drop actions
Installed new firmware
System restart initiated through web admin console
System shutdown initiated through web admin console
:-) - Found in XG help section.
Does anyone know if in this version they stop having RED connection problems? It is rumored that in version 17.5.3 they had connection details. I'll appreciate your answer.
Retiring HTTP/S bookmarks in the next major feature release. Use web server protection rules as an alternative.
"Retiring HTTP/S bookmarks in the next major feature release. Use web server protection rules as an alternative." I have clients that use this to manage devices (internally) on the network from the client portal. Now you Chits are going to remove the feature. Sophos is like Mophos to its customers in removing features that work in favor of features that have existed for years on the UTM. I have had enough! I bang my fist down here and say no more. Leave this feature alone kents!
Installed on Software XG. No issues so far.
Thank you!!! Waiting for all these fixes. I downloaded via MySophos Portal and manually upgraded. It seemed much more responsive than previous version of 17.5-MR3. Hopefully this will fix the emails coming with base64 message not decoded.
Installed last night on my white box unit, and instantly noticed considerable drop in memory utilisation.
Why are the encrypted backups enforced???? This will most certainly lead to many restore failures due to forgotten passwords ☹
I’m unsure whether this means that all the XG backups for all customers will stop until the password is entered????
PS: Just upgraded on 8 XGs (mix of 105-310).
The native Cisco VPN (now called Sophos Connect) is broken on macOS and iOS. The DNS server IP is not published to the client anymore.
Additionally getting the DNS server via DHCP from the internal network (e.g. over WiFi) seems to take a lot of time as well now. Sometimes you need to reconnect the WiFi in order to get it to work.
I'm going back to MR3 for now.
Hi Dom Nik,
I will follow up with you via PM regarding this issue, but I would advise you to please raise a support case so that further investigation can be performed.
Installed HW-17.5.4_MR-4.SF210-409 on LAB(Virtual Box) and SW-17.5.4_MR-4.SFW-409 on (Prod) SG105w