Hi XG Community!

We've released XG Firewall 18.0 GA-Build379. Initially, the firmware will be available by manual download from the Licensing Portal. We will gradually release the firmware via auto-update to customers.

Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.

Security Release

  • Fixes the SQL injection vulnerability and malicious code execution in XG Firewall/SFOS detailed in KBA135412

Important note

  • This is a security release for v18 GA; incremental to the previous GA release 18.0 GA-Build354
  • We will soon have a re-release of v18 MR1 to support SD-RED devices and upgrade from v17.5 MR11/MR12
  • You can upgrade from SFOS 17.5 (MR6 to MR10) to this release 18.0 GA-Build379
  • Hotfix referenced in KBA135412 is NOT required for 18.0 GA-Build379 as CVE-2020-12271 has been fixed in this release version

Issues Resolved in XG Firewall 18.0 GA-Build379

  • NC-59408 [API Framework, UI Framework] SQLi prevention in hybrid request - ORM fields and mode parameters (CVE-2020-12271)
  • NC-58898 [Email] Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503)
  • NC-59300 [Email] Blind pre-auth SQLi in spxd on port 8094
  • NC-59454 [UI Framework] Enable apache access logs

More on XG Firewall v18

Please refer to the XG Firewall v18 highlights for more details on the all-new Xstream Architecture, which delivers extreme new levels of visibility, protection and performance. Also, check out our XG Firewall v18 playlist on YouTube to find out what's new in XG Firewall v18!

Get it now!

As usual, this firmware update is available at no charge to all licensed XG Firewall customers. The firmware will be rolled out automatically to all systems over the coming weeks, but you can access the firmware anytime to do a manual update through MySophos.

For fresh installations, please find the following installer images:

 

Things to know before upgrading

You can upgrade from SFOS 17.5 (MR6 to MR10) to this release 18.0 GA-Build379. We will soon have a re-release of v18 MR1 to support SD-RED devices and upgrade from v17.5 MR11/MR12. Check out the relevant sections of the XG v18 release notes for details on:

Note: Upgrading from SFOS v17.5.x to SFOS v18 GA-Build379 may take longer than normal because of the file system correction checks. The approximate time depends on the hard disk size and state. More info is available in this KBA.

Making the most of your new XG Firewall features

Free Online Training

  • Available for free for all XG Firewall customers, our delta training program will help you make the most of the new features in XG Firewall v18.
  • This online program walks you through the key enhancements since v17.5 and takes about 90 minutes to complete.

Customer Resources and How-To Videos

  • Also be sure to visit the Customer Resource Center for the latest How-To Videos and links to documentation, the community forums, training and other resources.

Take advantage of Partner and Sophos Professional Services

  • To augment your local Sophos partner’s services, we offer services to help you get up and running and make the most of your XG Firewall, including the latest capabilities in v18.
  • While Sophos Professional Services can help with any task, here are the most common services they provide:
    • XG Firewall deployment and setup
    • XG Firewall v18 DPI, FastPath and SSL Engine Optimization
    • XG Firewall Health Checks

Here are some direct links to helpful resources:

New to XG Firewall?

If you’re new to XG Firewall, see how it provides the world’s best network visibility, protection and response on the new XG Firewall website.