Hi XG Community!
We've released SFOS v17.5.9 MR9 for the Sophos XG Firewall. Initially, the firmware will be available by manual download from the Licensing Portal. We then make the firmware available via auto-update to a number of customers, which will increase over time.
Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.
To manually install the upgrade, you can download the firmware from the Licensing Portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.
Bug fixes again. Mostly these:
NC-50528 [Email] Patch Exim (CVE-2019-15846)
NC-50172 [Web] Conform to Apple's new certificate requirements (awarrenhttp)
Thanks guys for fixing apple certificate issue.
Based on kb: community.sophos.com/.../134597, XG was not vulnerable to Patch Exim (CVE-2019-15846) and now in the fix, there is: "NC-50528 [Email] Patch Exim (CVE-2019-15846)". talex is anything discovered vulnerable or just some update to exim configuration to avoid any configuration that can lead exim to become vulnerable under certain circumstances? Thanks
lferrara. I had the exact same questioning.
Is there major impact if we upgrade this patch to our firewall or not?
NC-46473 [Authentication] Constant login/logout of users
I hope this fixes the problem with a few iPads we have in the field.
How can I find more information on a particular 'NC' ?
unable to boot after upgrade
SSL VPN is broken after update.
lferrara: Nothing changed to what was mentioned in the KB. But it is a good practice to patch/update if there are known vulnerabilities, even if SFOS is not affected.
4ng3er Try to restart the service via "service sslvpn:restart -ds nosync"
fixed our problem !
THX mxull. This fixed the problem. Does it reappear by rebooting the XG, or is it only at the first MR9 boot?
Was wrong on the problem. The ddos I enabled was the culprit.... sorry on that. Forgot I did that
still quagga (bgpd) 0.99.22... with no v6 support :/
Is thery any Quality assurance at Sophos ?!?