Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
Hi XG Community!
We've released SFOS v17.5.9 MR9 for the Sophos XG Firewall. Initially, the firmware will be available by manual download from the Licensing Portal. We then make the firmware available via auto-update to a number of customers, which will increase over time.
Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.
To manually install the upgrade, you can download the firmware from the Licensing Portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.
Bug fixes again. Mostly these:
NC-50528 [Email] Patch Exim (CVE-2019-15846)
NC-50172 [Web] Conform to Apple's new certificate requirements (awarrenhttp)
Thanks guys for fixing apple certificate issue.
Based on kb: community.sophos.com/.../134597, XG was not vulnerable to Patch Exim (CVE-2019-15846) and now in the fix, there is: "NC-50528 [Email] Patch Exim (CVE-2019-15846)". talex is anything discovered vulnerable or just some update to exim configuration to avoid any configuration that can lead exim to become vulnerable under certain circumstances? Thanks
lferrara. I had the exact same questioning.
Is there major impact if we upgrade this patch to our firewall or not?
NC-46473 [Authentication] Constant login/logout of users
I hope this fixes the problem with a few iPads we have in the field.
How can I find more information on a particular 'NC' ?
unable to boot after upgrade
SSL VPN is broken after update.
lferrara: Nothing changed to what was mentioned in the KB. But it is a good practice to patch/update if there are known vulnerabilities, even if SFOS is not affected.
4ng3er Try to restart the service via "service sslvpn:restart -ds nosync"
fixed our problem !
THX mxull. This fixed the problem. Does it reappear by rebooting the XG, or is it only at the first MR9 boot?
Was wrong on the problem. The ddos I enabled was the culprit.... sorry on that. Forgot I did that
still quagga (bgpd) 0.99.22... with no v6 support :/
Is thery any Quality assurance at Sophos ?!?