Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
Hi XG Community!
We've finished SFOS v16.05.5 MR5. This release is available from within your device for all SFOS v16.05 installations as of now and will increase the group in a few days.
The release is available to all SFOS version via MySophos portal.
NC-14549 [API] Unable to delete a web policyNC-16612 [API] Can not configure second WAN link on any physical interfaceNC-17948 [API] Getting different autogenerated password for same guest user in HA (Primary and Auxiliary device)NC-17955 [API] Unable to ping facebook.com from ping tool in the diagnostics pageNC-18595 [API] Issues with char encoding using Sophos APINC-16205 [Authentication] First user login not registered with firewallNC-17493 [Authentication] Radius authentication doesn't work for Webadmin loginNC-17767 [Authentication] AD users cannot login to userportal with samAccount name plus domain information in loginNC-18282 [Authentication] Client based SSO doesn't workNC-18630 [Authentication] AD users email addresses will be cut if the email address contains more than 64 charactersNC-18940 [Authentication] access_server crash when multiple users log in at the same timeNC-18733 [Base System, License] UTM9 to SF – Eval to full license migration fails in one of two possible user flowsNC-13297 [Base System] Appliance certificate is invalid after import .xml file.NC-16623 [Base System] Firmware install message shows "undefined" string instead of firmware display version on GUINC-16660 [Base System] CCL details XML information not displaying for Sandbox Events on System Service > Log SettingsNC-17339 [Base System] Hotspot with voucher and full customization can't be createdNC-17393 [Base System] Eval registration from a SG appliance results in multiple registration requestsNC-17545 [Base System] Interface names are not correct for 4-Port 10G module with CR200iNG-XP/CR300iNG-XP appliancesNC-17753 [Base System] User not displayed in correct format in log-viewer in case of email sandboxNC-18497 [Base System] XG Home subscription - RAM in some corner cases gets Limited to 4GB than 6GBNC-18830 [Base System] Appliance certificate's issuer CA not present resulting in not able to download SSL client from user portalNC-3719 [Base System] VPN IPSec connection name length increase from 50 to 100NC-8998 [Base System] During memtest from SFLoader, units don't reboot by pressing ESC buttonNC-18485 [CR-to-CN_Migration] Migration failed from CR 10.6.5-050 to SF 16.05.3-MR3NC-17334 [Certificates] Certificate Authority can not be deleted in specific scenarioNC-13570 [Clientless Access(HTTP/HTTPS)] Clientless Web Access: Site access issue with 'Restrict Web Application ON' in policyNC-18639 [DDNS] IP not getting updated in case of NATed IP address using Sophos DDNSNC-15754 [Date/Time Zone] Time Zone changes for RussiaNC-13855 [Firewall] CCL link not displaying for device access from group level and device levelNC-16484 [Firewall] Kernel Panic on 'IPSET -L' when host have more than 600 IPsNC-16819 [Firewall] Device becomes inaccessible after deleting Business Policy ruleNC-17042 [Firewall] "Log Firewall Traffic" is unchecked in firewall rule but visible in log viewerNC-17420 [Firewall] Unable to set proxy port as 80NC-18425 [Firewall] In WAN to LAN rule firewall drop and reject doesn't work for HTTP and HTTPS trafficNC-18618 [Firewall] Update of custom zone shows error "Record does not exist" on zone page when "Any" interface not bound with zoneNC-18844 [Firewall] Local ACL exception rule export-import failsNC-18880 [Firewall] Existing iptables traffic redirection chains not removed when web proxy listening port is updatedNC-18709 [HA] All timers disabled in primary appliance (HA A-A )NC-17806 [Hotspot] Voucher creation fails if the description includes ' or " signNC-17878 [Hotspot] Remove TLS v1.0 and DES/3DES/RC4 cipher algorithm from Hotspot login pageNC-16862 [IPS] Default CA blank because of company name more than chars(50)NC-17561 [IPS] AWS Upload consumes 100% CPU and goes down only when IPS is disabledNC-18617 [IPS] IPS restarting (sometimes) while enabling ATP or on ATP policy changeNC-18208 [License] License does not update in Auxiliary appliance in case of standalone in HA Active-Passive modeNC-18521 [License] Unable to increase virtual cores after license upgradeNC-11596 [Mail Proxy] Vulnerability fix for CVE-2011-1473NC-17072 [Mail Proxy] SMTP DOS max Recipients exceeds limitNC-17311 [Mail Proxy] File filter is not working if file name is very large (i.e. 1k)NC-17738 [Mail Proxy] SPX encrypted PDF doesn't render properly in case of very long sender addressNC-17875 [Mail Proxy] SMTP service doesn't in MTA mode after switching back and forth between MTA and Legacy Mode multiple timesNC-18353 [Mail Proxy] Image file within compressed files not being allowed with white listingNC-18493 [Mail Proxy] SMTP service (MTA mode) doesn't deliver mails when receiving and forwarding n/w are on different IP family (ipv4/ipv6)NC-18548 [Mail Proxy] Sender notification not send when DPP action set as accept with SPX and SPX type as specified by recipientNC-18869 [Mail Proxy] SF failing PCI compliance on port 25 due to MTA mode responding to RC4 ciphersNC-18958 [Mail Proxy] System files are accessible to authenticated non-admin usersNC-17781 [Network Services] Static Mac-IP bindingNC-18696 [Network Services] 4G dongle(D-Link DWM-222) not detectedNC-12852 [Networking] DHCP Relay flood customer networkNC-18828 [RED] RED15 tunnel disconnect and data traffic is higher before disconnectNC-17846 [Reporting] Not able to get reports in case of long email sender (>256)NC-18769 [Reporting] Records for more than 256 character for sender/receiver should be properly displayed in PDF exportNC-17978 [SSLVPN] Unable to delete bridge interface when bridge host is used in SSL VPN Site to SiteNC-18424 [SSLVPN] SSLVPN Client fails to connect if certificate character has "ã" in the certificate attributesNC-18885 [SSLVPN] Openvpn Denial of Service due to Exhaustion of Packet-ID counter (CVE-2017-7479)NC-18265 [Sandstorm] SFM CCL: XML API changes missing for Sandstorm activity in System > Profiles > Device AccessNC-17391 [SupportAccess] SupportAccess: UMA sometimes sends "ApuPort 0" in WebadminResponseNC-11775 [VPN] Import for selective configuration with "include dependent entity" failedNC-18039 [VPN] IPSec services is restarting continuouslyNC-17862 [WAF] Remote users accessing the site for the web server forwarded with WAF intermittently lose access to the siteNC-18923 [WAF] Segfault for HTTP1.0 requests when cookie rewriting is enabledNC-18395 [Web] Not getting website category in custom message for unauthenticated blocksNC-18620 [Wireless] Unable to change the encryption to TKIP or TKIP&AES, settings are reverted back to AES after savingNC-18623 [Wireless] Wireless clients not able to authenticate after patches applied from NC-13982NC-18628 [Wireless] Unable to change channel_width for an AP(5GHz) from cliNC-18698 [Wireless] Internal AP in "W" models are broadcasting the incorrect case for country codeNC-18750 [Wireless] SSIDs are suddenly not broadcasted and connections are getting droppedNC-18792 [Wireless] LocalWiFi - failed to configure IP address on Bridge to LAN interface if configuration is done immediatelyNC-18960 [Wireless] Wireless network stops broadcasting on in-built Wifi Appliance models
You can find the firmware for your appliance from in MySophos portal.
Thanks talex for the effort you are spending. Every month we have a new MR which is great. Hope you even have into plans pattern updates column which is partially invible. We have to use the scroll bar to see their status. It looks promising towards v17....
talex do we have a new bug inside with ssl vpn remote access with tcp? udp works, but tcp is blocked by local acl... That bug is very familiar to me.
When will the option be added to define a hostname for the Quarantine Digest reports, its now sending the wan ip address.
Alse when will the bug be fixed when you define more then 1 email address from a user quarantine digest report it gets duplicate reports. For example 1 user has 1 email address defined it gets 1x quarntine digest. Another user has 3 email addresses it gets 3x the same quarantine digest report instead of one.
Good morning! Thank you for the consistent upgrades and fixes. Any idea when VOIP call quality being affected by IPS will be resolved?
Technical support informed me that VOIP quality issues were resolved even before mr-5. I have not tested this.
There seems to be a new issue with the attachment filter in MTA mode: even with no documents selected for blocking it strips xlsx, docx and pptx. The only solution appears to be turning off attachment filtering.
Can anyone tell me what these new variables are? I have seen them since MR-4 and I am assuming since the VoIP issues are reported as fixed since MR-4 that these might have something to do with it? They are found in the System Console "show ips_conf"
var SEARCH_METHOD hyperscan
var SIP_STATUS enabled
var IGNORE_CALL_CHANNEL enabled
I got XG210 with the (SFOS 16.05.5 MR-5)
The log viewer stop working when I went to "System Services->Log Setting" selected all and hit apply. looks like no logs recorded at all even in awarrenhttp.log?
I was trying to call customer support, spend 45min on phone talk to guy from dispatch service to take my details and create a case number???
Hi, everyone, since i installed SFOS 16.05.5 MR5 RC on my XG135, I have some issue : cannot not acces to some website as linkedin. I have no web policy active.
I 'm beginner, do you have some ideas? Thanks.
SSL VPN is broken. TCP 8443 does not respond