Hi XG Community!

We've released SFOS v17.5.7 MR7 for the Sophos XG Firewall. Initially, the firmware will be available by manual download from your MySophos account. We then make the firmware available via auto-update to a number of customers, which will increase over time.

Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.

Issues Resolved in SF 17.5 MR7

  • NC-41262 [Authentication] Users randomly getting disconnected with CAA

  • NC-46466 [CaptivePortal] Connection security configuration options for Captive Portal and HTTP Proxy

  • NC-46787 [CM (Zero Touch)] Some USB pen drives fails to mount

  • NC-46750 [Dynamic Routing (PIM)] Camera recordings are missing at NVR

  • NC-46707 [Email] Exception for IP reputation and RBL works incorrectly

  • NC-43902 [Firewall] API export of service objects has the incorrect order

  • NC-45322 [Firewall] NMI backtraces

  • NC-45603 [Firewall] Legacy Mode SMTP rule with IPlist not working

  • NC-47632 [Firewall] TCP SACK PANIC - Kernel vulnerabilities

  • NC-45720 [Firmware Management] Device rebooting continuously while boot with SFOS firmware version after migration from CROS

  • NC-46658 [RED] Typo in Popup message after RED creation in German language setting

  • NC-43414 [Authentication, SSLVPN] Login restriction feature on user accounts for SSL VPN not working correctly

  • NC-45258 [SSLVPN] Wrong route is added while using static virtual IP address in SSL-VPN Site-to-Site tunnel

  • NC-46579 [Web] Unable to add sub-domain when sub-domain contains single value

  • NC-47906 [Wireless] TCP SACK PANIC - Kernel vulnerabilities on XG managed AP

Download

To manually install the upgrade, you can download the firmware from the MySophos portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.

  • Previous day logs are deleted and left only recent logs. My log retention are configured at 1 month.

    is it only me or this is bug?

  • Any predictions for MR8?

    It is impossible to work with logs in logviewer to be frozen on the same date all the time. :((

  • Not a single comment from Sophos to this thread? It's a cluster of showstoppers after a regular stable firmware update.  Where is the hotfix to this important security update? I have enjoyed working with Sophos XG. At a time where PFSense modules were in an insanely broken state, Untangle was way too resource hungry (and the interesting modules were payware), Sophos UTM looked a little outdated... I had found Sophos XG and I had really hoped that it would be the future of a commercial enterprise firewall virtual appliance that would simply work and had all the Multi-WAN features one would want. And the beginning was awesome. But from firmware to firmware update, I had to disable more and more features because they would cripple my connectivity or render websites broken until the point that I end up being unable to use this product because site to site VPN connectivity broke entirely. Then on the other side, PFsense 2.4 has matured during the past years and has become a rock solid product where everything just works, at a fraction of resources and with seconds of booting. I want something that just works and that doesn't eat my time because it's so incredibly incompatible with other stuff (that uses exactly the same components, such as OpenVPN). Oh yeah, just remembering what I have gone through to set up proper site to site openvpn using Multi-WAN, with all its limitations and weird configurations, just to find out it is impossible to do right unless I add additional hardware that does the tricks for Sophos XG to actually work. Or these lovely SIP clients behind a Sophos XG firewall that would lose connectivity to the SIP server at the worst possible moment (getting the server pretty much stuck) so I was forced to add an additional router just for the phones. I was forced to work and trick so much with Sophos XG just to do stuff right (that I could have done in 5 minutes from within a linux shell) that after a while I have become really experienced with this product. Yes, this is a very powerful product and when I look around the underlying OS I am impressed by all the work, it is a truely custom flower. But I have come to the point where I must say, the experiment is over. There were no groundbreaking changes in 4 years of using Sophos XG but instead the quality has decreased. I have just migrated to PFsense and the responsiveness and speed of my WAN connections (and the speed I get over VPN) is surprising. I use a very complex 4x Multi-WAN setup with a lot of stuff having to fail over dynamically (including the re-routing of multiple networks), the migration took me 2 days and for the moment I must say, it was worth it. Good luck Sophos with this product, I hope you are getting some serious manpower to actually bring it back on track. it's been fun working with it but time has passed by and often I did wonder why I had ever upgraded from Sophos UTM (that product just worked). I can still recommend it to people on medium speed broadband connections looking for a simple Multi-WAN solution, but for the moment the quality is not sufficient for what I am expecting from an enterprise firewall. I hope this will get improved. All the best!

  • Can someone explain the fixes in HW-17.5.7_MR-7.SF300-511 from the GA release? we have multiple customers that have been affected by slow HTTP browsing since updating to the GA version.

    Thanks

  • What is wrong with Sophos XG, they are clearly using this product just to push the envelope but I am getting afraid to put this into any big networks after my first few..  I was thinking of standardizing on the XG firewall for all clients but after some horrible experiences with firmware upgrades I changed my mind. I understand that they use a patchwork of various open-source technologies but it seems so half-assed when they patch it all together stuff always breaks.