XG Firewall v18 GA-Build339 is now available!

XG Firewall v18 GA-Build339 is now available!

 

XG Firewall v18 GA-Build339 Enhancements:

This version adds v17.5 MR10 to v18.0 GA-Build339 upgrade and config migration support.

This version introduces the ability to disable SSL/TLS inspection rules, with a new toggle switch on Rules and Policies > SSL/TLS inspection rules. This is set to ‘Off’ by default for customers upgrading from SFOS version 17.5, to avoid potential behavioral changes on upgrade. You must turn it on to enable the new Xstream SSL/TLS decryption functionality, including the SSL/TLS traffic statistics son Control Center.

 When SSL/TLS inspection is set to ‘On:

  • All traffic will be inspected to determine if it is SSL/TLS or not.
  • SSL/TLS decryption rules will be applied and connections will be logged as required by the rules.
  • SSL/TLS traffic statistics will be updated and shown on the Control Center.

When SSL/TLS inspection is set to ‘Off’:

  • No SSL/TLS decryption rules are evaluated or applied.
  • No traffic is decrypted by the DPI Engine. Traffic handled by the Web Proxy will still be decrypted, based on firewall rule configuration.
  • No SSL/TLS statistics are gathered. The statistics shown on the Control Center will no longer update.
  • For traffic matching firewall rules that have a web policy set, and that are not configured to use the web proxy, the DPI Engine still uses SSL/TLS inspection to enforce policy on non-decrypted HTTPS connections.

There is an additional control in Rules and Policies > SSL/TLS inspection rules > SSL/TLS inspection settings > Advanced settings labeled ‘SSL Engine’. If this is set to ‘Disable’, the SSL/TLS inspection engine will not be used at all. This option is only intended to be used for troubleshooting as directed by Sophos Support. When ‘SSL Engine’ is set to ‘Disable’:

  • No SSL/TLS decryption rules will be evaluated or applied
  • No traffic will be decrypted (unless it is being handled by the Web Proxy, based on firewall rule configuration)
  • No SSL/TLS statistics will be gathered. The statistics shown on the Control Center will no longer update.
  • The DPI Engine will be unable to apply web policy to any HTTPS traffic. This applies to traffic matching a firewall rule that has a Web policy set, and that is not using the Web proxy.

Plus, Several important issues have been resolved:

  • NC-54339 [Config Migration Framework] v17.5 MR-10 to v18.0 GA migration support
  • NC-56550 [Policy Routing] SD-WAN policy routing screen smudge with blue strip
  • NC-56201 [RED] Backup/Restore failed from v17.5 MR to v18 with specific RED configuration
  • NC-56397 [Web] User getting certificate error

 

More on XG Firewall v18

Please refer XG Firewall v18 highlights for more details on all-new Xstream Architecture delivering extreme new levels of visibility, protection and performance. Also, check out our XG Firewall v18 playlist on YouTube to find out what's new in XG Firewall v18!

Get it now!

As usual, this firmware update is no charge for all licensed XG Firewall customers. The firmware will be rolled-out automatically to all systems over the coming weeks but you can access the firmware anytime to do a manual update through MySophos.

For fresh installations, please find the following installer images:

Things to know before upgrading

Check out the relevant sections of the XG v18 release notes for details on:

Making the most of your new XG Firewall features

Free Online Training

  • Available for free for all XG Firewall customers, our delta training program will help you make the most of the new features in XG Firewall v18.
  • This online program walks you through the key enhancements since v17.5 and takes about 90 minutes to complete.

Customer Resources and How-To Videos

  • Also be sure to visit the Customer Resource Center for the latest How-To Videos and links to documentation, the community forums, training and other resources.

Take advantage of Partner and Sophos Professional Services

  • To augment your local Sophos partner’s services, we offer services to help you getting up and running and make the most of your XG Firewall, including the latest capabilities in v18.
  • While Sophos Professional Services can help with any task, here are the most common services they provide:
    • XG Firewall deployment and setup
    • XG Firewall v18 DPI, FastPath and SSL Engine Optimization
    • XG Firewall Health Checks

Here are some direct links to helpful resources:

New to XG Firewall?

If you’re new to XG Firewall, see how it provides the world’s best network visibility, protection and response on the new XG Firewall website.

  • Update: I added the links to the SFOS installer images.

  • Hello talex,

    but the links do not work, files cannot be downloaded.

    Regards

    alda

  • Thank you so much, been waiting a long time for some features in this release.

  •   thanks for the hint, I fixed the links.

  • After Upgrading on Hyper-V to Version 18; I was unable to access the firewall and several rules were not working properly. I was able to get out to the internet. I was unable to access the system even via SFLoader. After much troubleshooting I removed the Network Cards from the VM and added the Network Adapters back in; this time as Legacy Network Adapters. Then I was able to ping and SSH to the VM of Sophos XG 18. I was unable to access the web interface; I had to reset the default Web Admin Certificate in order to access the Firewall via the browser. For anyone running Hyper-V and Sophos XG firewall 18.x+ it appears that it must use Legacy Network Adapter now as was not the case previously. At least on Hyper V 2012. Good Luck everyone.

  • Also on Legacy Network Adapters with Hyper-V 2012, you get about half throughput just in case anyone was interested.

  • but the links do not work, files cannot be downloaded.

    <a href="njuifile.site/">new jersey unemployment

    </a>