Hi XG Community!
We now have SFOS v17.1.0 GA available. Here's everything you need to know.
Right now, the release is available as manual upgrade to all SFOS versions via MySophos portal.
Please see the following KBA - Sophos Firewall: How to upgrade the firmware: KBA 123285
On-the-box upgrade (new firmware available pop-up & Check for new Firmware) will be made available a little later. Also, On-the-box upgrade will be released in a staged manner i.e. increasing the staged count incrementally over time.
Check out all the enhancements in XG Firewall v17.1 including the new Cloud Application Visibility feature in our XG Firewall v17.1 demo video.
You can find the PDF of what's new here: Sophos XG Firewall v17.1 Whats New.pdf.
In case you are managing your Firewalls using SFM/CFM, Firewalls running SFOS 17.1 GA won’t accept application filter rules when applied from a device group or template. You can manage application rules from the device-level view in SFM/CFM until this limitation is addressed in SFOS 17.1 MR-1.
To manually install the upgrade, you can find the firmware for your appliance at MySophos portal. Please see the following KBA - Sophos Firewall: How to upgrade the firmware: KBA 123285.
Please note that v17.1 is not yet available for XG 85(w) devices. We expect to have support for the XG 85(w) in the next release. Thank you for your patience.
Thanks for the update
Can you guys comment on NC-30979 (in update three)? Such as if this bug existed in 7.0 MR-8 or if it was only in 17.1 and if it is also found in 17.0 MR-8 give more details other than "IPsec route can disappear if two connections use the same" ..... same what???
I guess I should of just just asked... is there any IPSEC fixes that were not already in 17.0 MR-8 ?
I just want to have IPV6 working out of the box in my Sophos XG Home Edition.... :(
is it just me? I can't seem to find the download following the instructions above.
@Scot_D_L the IPsec fixes mentioned for this release are not part of 17.0 MR8.
Regarding NC-30979, IPsec route can disappear if two connections use the same ipsec_route set via cli, which leads to the route being removed in case of one of the connection going down.
JeffreyJaspers the first KBA is a bit confusing, I'll check to improve it. Once you logged in to MySophos, go to Network protection > Firmware updates and enter your serial number (which you can find in the XG control center).
Talex thank you for this. I installed the 17.1 without a problem on my Hyper-V server. My AP is not coming back online. The status stays inactive on my AP55c.
I have upgraded the v17.1 on 6 Jun and system is working fine. The Cloud Application improvement is cool, giving lot of insight.
On XG135, upgraded to v17.1 from v16.05.9 and broke my site-to-site VPN.
Will there be an upgrade path to v17.x that does break VPN connections?
Or I must concede and rebuild my VPN connection?
I have not tried remote access VPN's made in v16.05.9, any idea if they will have the same fate in v17.1 (e.g. break)?
this update breaks MTA
Michael Štěpař What in MTA broke Michael?
After boot it tries to start MTA and after some time it says MTA DEAD
theres topic... community.sophos.com/.../xg-17-1-0-ga-firmware-upgrade-breaks-mta
Theres is problem on our SG310 with every firmware after 17.0. Awaren kinda breaks and it takes up to a day to deliver some of emails (usualy it takes just few hours or reboot), also the mail log is somehow not a tool that I can believe to. But those are things that are mentioned in 17.1 GA, but 17.1 GA breaks mail agent totally. Isnt there a chance to have a XG firmware that actually can be used as a working solution for a company? Also theres a problem with RED 15W, which cannot be used with XG, because XG doesnt see any AP (worked with UTM alright). I have just renew my licence, but I am getting deeply disapointed with fixes. Dont get me wrong, but I am wasting a lot of time into trying to use your software (and hardware) and it fails me seriously bad.
I heard the UTM 9.6 has lets encrypt support will this be added to SophosXG aswell?