Sophos Firewall Manager - SFM 17.1.0 GA Released

Hi XG Community!

We've finished SFM v17.1.0 GA. This release is available from within your device for all SFM installations as of now.

Beside that, the release is available via MySophos portal.

What's New

Key Features

  • Shadow IT management across firewalls
  • Improved alerting contents
  • Comprehensive management of all features available in Sophos XG Firewall v17.1

Enhancements

  • Added additional Settings to Authentication Servers -> RADIUS Server
  • Shadow IT discovery support
  • Configurable SSL VPN port
  • Allow user to edit rule while double clicking on the rule
  • Easily control Google QUIC during firewall rule creation
  • Added Email Exceptions
  • Allow creation of empty smart filter
  • Allow and Block lists for Email/Domains on Admin Portal

Notes

Here's a overview of the compatibility of SFM to different Sophos Firewall versions: Compatibility Guide for SFM and SFOS.pdf

Issues Resolved

  • NCCC-5431 [SCFM] Country objects are not sorted alphabetically
  • NCCC-6339 [SCFM] CFM does not fetch SF firmware detail through feature 'check for latest firmware' due to opcode timeout
  • NCCC-6369 [SCFM] Connection status show disconnected though HB packets are reaching to CFM/SFM
  • NCCC-6398 [SCFM] Unable to import all configuration as template from SG device
  • NCCC-6427 [SCFM] Fail message in event viewer for certificate even though certificate apply successfully on SF Device
  • NCCC-6671 [SCFM] XG devices losing sync to CFM frequently
  • NCCC-6697 [SCFM] Schedule backup is taken on next day in SCFM
  • NCCC-6346 [SF Compatibility] Compatibility v17.1: Loading on page when going to add IPS policy rules in IPS policy
  • NCCC-6348 [SF Compatibility] Compatibility v17.1: Traffic Shaping default page getting blank
  • NCCC-5821 [SFM] Authentication issues when using AD with SFM
  • NCCC-5897 [SFM] Can not integrate LDAP with SFM (error: javax.naming.AuthenticationException)
  • NCCC-6070 [SFM] VPN connection, HA status, Red tunnel and Gateway status change alerts are generated for inactive profile
  • NCCC-6081 [SFM] Default Web Exception 'Teamviewer Remote Access' is missing
  • NCCC-6101 [SFM] Clientless users can not be updated from custom group
  • NCCC-6238 [SFM] Radius Authentication is getting failed
  • NCCC-6266 [SFM] License page of SFM WebAdmin shows wrong contact information
  • NCCC-6292 [SFM] Unable to add a device to SFM
  • NCCC-6300 [SFM] SFM is not able to boot properly on Hyper-V platform
  • NCCC-6305 [SFM] Vulnerability fixes (CVE-2016-2183, CVE-2014-3566, CVE-2013-2566, CVE-2015-2808)
  • NCCC-6337 [SFM] Event viewer taking long time to load
  • NCCC-6379 [SFM] SF devices won't be deleted from SFM because of block query
  • NCCC-6430 [SFM] Unable to push the application based traffic shaping policy to the firewall using template
  • NCCC-6541 [SFM] STAS configuration using template is not working
  • NCCC-6680 [SFM] IPS Policy rules are not pushed in the same order as made in template
  • NCCC-6728 [SFM] External authentication is not working with multiple LDAP servers
  • NCCC-6731 [SFM] Unable to modify Admin user
  • NCCC-6737 [SFM] Firewall rules showing up "0" in template when importing configuration into template in SFM
  • NCCC-6738 [SFM] Web server are not working when pushed as template configuration
  • NCCC-6750 [SFM] Cannot delete host: Selected Entity(ies) cannot be deleted due to dependency. Check Entity Usage Reference for dependency details.
  • NCCC-6765 [SFM] Template with more than one remote networks does not work
  • NCCC-3198 [SFM-SCFM] Unbound or disabled physical port on XG firewall should not shows up as "interface status" DOWN in SFM/CFM
  • NCCC-5238 [SFM-SCFM] IPS Manage page shows wrong records for custom group level
  • NCCC-5287 [SFM-SCFM] Not able to update SSLVPN (Site to Site) > Server from custom group
  • NCCC-6202 [SFM-SCFM] User can not clear HB registration from multiple SFOS
  • NCCC-6378 [SFM-SCFM] Template pushed is not reflected in appliance when using HA
  • NCCC-6443 [SFM-SCFM] Unable to restore backup from SCFM
  • NCCC-6667 [SFM-SCFM] Cannot add generic top-level domains to the Web's URL groups
  • Ever since I upgraded my Sophos Firewall Manager back in March 2019, I can no longer use it to deploy firmware updates to my XG/SFOS firewalls.  When I try to check for available firmware updates, the list comes back either empty or only shows a single model - but I have 30 managed firewalls in there of various models.  Is this a known issue?  Is there a fix that does not involve a support person conflating SFM with CFM?

  • I had to clear the content of /content/u2d/ and /content/u2d/downloads to get the firmware updates working.

  • Hi Guys, I have problem with propagating VPN template/device_group config to both XG310 and XG135 from Sophos FM 17.1.0 GA.

    When I click VPN menu it loading and loading....and...stuck loading. When I choose individual device it is working.

    But one of the SFM ideas is to create templates, propagate config to device groups.