Hi XG Community!

We've finished SFOS v17.1.3 MR3. This release is available in stages. In first stage it will be available at MySophos. We then start with a small amount of slots and will increase those over time. Later it will be available to all other installations as well.

Please see the following link for further information regarding upgrade - KBA 123285 Sophos Firewall: How to upgrade the firmware.

 

Issues Resolved

Please see the following link for further information regarding CVE-2018-5389 - Offline dictionary or brute force attacks in IPsec IKEv1: KBA 132789

  • NC-32425 [API] Getting warning message during APIdocument file extraction

  • NC-36299 [Base System] Error in garner: double free or corruption (out) seems to cause RED disconnects

  • NC-32875 [Firewall] WPA enterprise authentication with RADIUS stops working after upgrade to v17.0 MR8 or v17.1 GA

  • NC-36765 [Firewall] Updated country host DB is missing some anonymous proxy and satellite provider

  • NC-35564 [IPS] CASB and Application Filter policy denies all cloud apps after reboot

  • NC-36506 [IPS] IPS and APP signature updates are getting failed

  • NC-34647 [IPsec] IPsec tunnels are not connecting after failover

  • NC-35546 [IPsec] MITM Attack - IKE in IPSEC based VPN connections (CVE-2018-5389)

  • NC-34534 [Network Services] Immediate failover not happening for IPv6 traffic during gateway down

  • NC-35557 [RED] All REDs disconnect intermittently in HA setup

  • NC-36927 [RED] High CPU caused by gethainfo

  • NC-34519 [Reporting] Unable to generate on-box-reports

  • NC-35161 [Reporting] RED usage report not being displayed

  • NC-35223 [Reporting] Create new report for CASB feature in SFM/CFM

  • NC-33559 [Routing] Configurable failback behavior using WAN Link Manager
  • NC-31035 [UI Framework] Provide visual feedback for read only form elements

  • NC-31346 [UI Framework] HTTP Security Header Not Detected, CWE-693: Protection Mechanism

  • NC-31613 [UI Framework] Unable to import groups from AD server using IE browser

  • NC-28694 [Web] Fail to upload a ccl file when the file name contains unicode chars

  • NC-28925 [Web] Parent Proxy config - unable to use certain special characters in username

  • NC-28961 [Web] Renaming an activity is not reflected in Policy Tester

  • NC-29898 [Web] set_sandstorm_scan_size dashboard alert is not turned off on saving of protection settings

  • NC-29964 [Web] On editing category name, the pop-up message shows HTML entity encoding for special characters

  • NC-30336 [Web] RTMP/RTMPT/RTMPS failed to connect over HTTP proxy

  • NC-33678 [Web] Live Users showing machine names instead of user names

Downloads

You can find the firmware for your appliance from in MySophos portal.