Learn about the Benefits of Multi-Factor Authentication (MFA) . Turn your MFA on now!
Information: Three minute survey on Exploring more ways to contact Sophos Technical Supportt. If you can spare the time, we would love your feedback!
Hi XG Community!
We've finished SFOS v17.1.3 MR3. This release is available in stages. In first stage it will be available at MySophos. We then start with a small amount of slots and will increase those over time. Later it will be available to all other installations as well.
Please see the following link for further information regarding upgrade - KBA 123285 Sophos Firewall: How to upgrade the firmware.
Please see the following link for further information regarding CVE-2018-5389 - Offline dictionary or brute force attacks in IPsec IKEv1: KBA 132789
NC-32425 [API] Getting warning message during APIdocument file extraction
NC-36299 [Base System] Error in garner: double free or corruption (out) seems to cause RED disconnects
NC-32875 [Firewall] WPA enterprise authentication with RADIUS stops working after upgrade to v17.0 MR8 or v17.1 GA
NC-36765 [Firewall] Updated country host DB is missing some anonymous proxy and satellite provider
NC-35564 [IPS] CASB and Application Filter policy denies all cloud apps after reboot
NC-36506 [IPS] IPS and APP signature updates are getting failed
NC-34647 [IPsec] IPsec tunnels are not connecting after failover
NC-35546 [IPsec] MITM Attack - IKE in IPSEC based VPN connections (CVE-2018-5389)
NC-34534 [Network Services] Immediate failover not happening for IPv6 traffic during gateway down
NC-35557 [RED] All REDs disconnect intermittently in HA setup
NC-36927 [RED] High CPU caused by gethainfo
NC-34519 [Reporting] Unable to generate on-box-reports
NC-35161 [Reporting] RED usage report not being displayed
NC-35223 [Reporting] Create new report for CASB feature in SFM/CFM
NC-31035 [UI Framework] Provide visual feedback for read only form elements
NC-31346 [UI Framework] HTTP Security Header Not Detected, CWE-693: Protection Mechanism
NC-31613 [UI Framework] Unable to import groups from AD server using IE browser
NC-28694 [Web] Fail to upload a ccl file when the file name contains unicode chars
NC-28925 [Web] Parent Proxy config - unable to use certain special characters in username
NC-28961 [Web] Renaming an activity is not reflected in Policy Tester
NC-29898 [Web] set_sandstorm_scan_size dashboard alert is not turned off on saving of protection settings
NC-29964 [Web] On editing category name, the pop-up message shows HTML entity encoding for special characters
NC-30336 [Web] RTMP/RTMPT/RTMPS failed to connect over HTTP proxy
NC-33678 [Web] Live Users showing machine names instead of user names
You can find the firmware for your appliance from in MySophos portal.
When will we be able to turn off YouTube restricted mode when we have Safe Search turned on? Or at least move the entire option across to Web Polices or firewall rules, rather than global.
Upgraded in the afternoon . Every thing is Working fine and CPU usage has gone down then MR2
I will be updating from the SFOS 17.0.6 MR-6 version for this, is there any recommendation to do to avoid problems?
Thank god the lock up issue is gone. On each we have installed this on. Pure Bliss. We can manage devices from remote. yeah!
Hi, is the SNMP issue resolved as well? I don't see it in the list.
When a version with new features like DHCP more options or NTP Server?
NC-36299 [Base System] Error in garner - there's still issues related to Garner in MR3. Can this please be fixed ASAP and released as a patch? I don't want to call support to manually patch 10+ appliances! This is heavily impacting multiple areas of the XG system.
This KB was released about Garner memory corruption:
Heartbeat not working after upgrade HA A-P:
XG210_WP03_SFOS 17.1.3 MR-3# service heartbeat:stop -ds nosync
200 Already Stopped
XG210_WP03_SFOS 17.1.3 MR-3# service heartbeat:start -ds nosync
503 Service Failed
what is this : NC-34647 [IPsec] IPsec tunnels are not connecting after failover ?
We have a problem with remote firewall storshield the tunnel disconnect and not reconnect automatically ...
that's it ?
Please, for the love of all things holy give us the ability to filter specific time frames in the "log viewer" someday. Was hoping for it in 17, still waiting...
It looks like this update might have broken my VLAN interfaces. Running under a Hyper-V instance. I'm doing more testing but wanted to put this out there in case I'm not the only one.
Same problem, lost connection when apply, update might have broken my VLAN interfaces. Running under a Hyper-V instance. Wait for next one as canot try again only 17.1.3 and 17.1.2. in store
Since version SFOS 17.1 the icons of VPN and Interfaces are swapped.
i Hope you fix soon,
I know its not a functional issue :)