Sophos Firewall Manager - SFM 17.0.0 GA Released

Hi XG Community!

We've finished SFM v17.0.0 GA. This release is available from within your device for all SFM installations as of now.

Beside that, the release is available via MySophos portal.

What's New

Synchronised Application Control

SFM now has a Synchronised Application Control global summary page showing Apps detected by each Firewalls.

Firewall Rule improvements

The Firewall Rule creation supports the Service widget in Business Rules. The Firewall Rules view page is in sync with new slim look with rule details shown up upon mouse hover.

IKEv2 for IPSec

IPSec VPN configuration now has IKEv2 key exchange in general settings. The VPN wizard in SFM is updated to include IKEv2.

IPS UX improvements

The SFOS v17 enhancement in IPS is adopted on the UI of SFM. Now one can add IPS Policy Rules using the new Smart Filter.

PUA

Potentially Unwanted Applications blocking can be enabled, and Authorized PUAs can be added under general settings of Web menu.

Application Filter UX improvements

All the SFOS v17 enhancement in Application Filter is adopted on the UI of SFM. Now one can add App filter policy using Smart Filter.

Policy Test Tool

SFM v17 allows one to test firewall rules or web policy at a device level.

Email improvements

SFM v17 now carries all Email UX improvements and configuration enhancements like Adding of Grey listing support for MTA, Recipient verification call out and Smart host for outbound mail forwarding.

WAF enhancement

SFM v17 now has the TLS version settings under Web server aiding in creating Web Application Firewall rules complying with the latest TLS v1.2 version.

Wild card FQDN

The SFOS v17 Wildcard FQDN support is extended to SFM, helping in creating new or existing pre-populated FQDN hosts and use it in Firewall and Policy Route.

Log viewer

Log viewer in SFM v17 now supports the Standard view of SFOS v17.

Issues Resolved

  • NCCC-5338 [SCFM] Username overlaps into entity column in event viewer
  • NCCC-5517 [SF Compatibility] Log Component "GUI" is not available in filter option
  • NCCC-5518 [SF Compatibility] Compatibility v17: VPN IPSec connection are not pushed from group level and showing error related to "Certificate" although selection was "Preshared Key"
  • NCCC-5522 [SF Compatibility] Compatibility v17: Service not pushed for User/Network Rule
  • NCCC-5123 [SFM] SFM shows red state icon for SSL VPN (Site to Site)
  • NCCC-5335 [SFM] Use TLS 1.2 for WebAdmin
  • NCCC-5337 [SFM] IPS signatures aren't the same in SFM and SFOS
  • NCCC-5344 [SFM] GUI not accessible if password has "\"
  • NCCC-5490 [SFM] Can not delete device from SFM
  • NCCC-5498 [SFM] Firewall rules showing up "0" in template when importing configuration into template in SFM
  • NCCC-5858 [SFM] Import Template - missing configuration
  • NCCC-5890 [SFM] Update documentation about authentication server section
  • NCCC-5894 [SFM] SFM restore fails
  • NCCC-5973 [SFM] Input Value length exceeds limit: Password Length
  • NCCC-6176 [SFM] Unable to add template using import template configuration option due to template compatibility is not downloaded automatically
  • NCCC-3198 [SFM-SCFM] Every unbound, disabled physical port on XG firewall should not shows up as "interface status" DOWN in SFM/CFM
  • NCCC-5164 [SFM-SCFM] Country host synchronization fails
  • NCCC-5239 [SFM-SCFM] Unable to register Security Heartbeat configuration to more than one SF device from SFM group level
  • NCCC-5241 [SFM-SCFM] Unable to create Custom Group if user select multiple firmware (more than 10) in group criteria
  • NCCC-5243 [SFM-SCFM] E-mail alerts have incorrect time within the email body
  • NCCC-5245 [SFM-SCFM] Content Distribution port change does not apply on SF devices
  • NCCC-5252 [SFM-SCFM] Labels on URL group's manage/edit page mismatched with SF URL group's page
  • NCCC-5253 [SFM-SCFM] Web Protection Exception: User cannot deselect 'Malware Scanning' action on the update event of any exception
  • NCCC-5254 [SFM-SCFM] Web Protection Exception: 'Selection Criteria' filter do not working properly
  • NCCC-5257 [SFM-SCFM] Traffic Shaping Default: UI differs between SFM and SF
  • NCCC-5261 [SFM-SCFM] Web Policy UI looks weird on device level
  • NCCC-5272 [SFM-SCFM] No validation message on UI for IPSec connections
  • NCCC-5273 [SFM-SCFM] Wireless Networks: Show warning message about reduced security when selecting 'TKIP encryption' as encryption method
  • NCCC-5275 [SFM-SCFM] Not able to update VPN wizard when added select device name contains space in name
  • NCCC-5279 [SFM-SCFM] Rogue AP Scan: Junk characters displayed as "Entity Name" for the update event of Rogue AP Scan > General Settings
  • NCCC-5284 [SFM-SCFM] SSL VPN authentication methods section is misplaced in SFM
  • NCCC-5291 [SFM-SCFM] SSL VPN Remote Access cannot be saved without override global timeout
  • NCCC-5293 [SFM-SCFM] GUI not accessible when using a certificate with a space in its name
  • NCCC-5322 [SFM-SCFM] Web Protection can not be updated
  • NCCC-5326 [SFM-SCFM] SMTP Policy: User have to select RBL service even if 'Spam Protection' section is disabled.
  • NCCC-5345 [SFM-SCFM] Changing timezone of a SF device results in an internal server error and event viewer showing push operation in-progress
  • NCCC-5351 [SFM-SCFM] Unused event logs created when any manage page is refreshed of any SF devices level
  • NCCC-5426 [SFM-SCFM] Template is not imported when SF has a SMTP policy with "File Protection = On" and "Block File Types = None"
  • NCCC-5427 [SFM-SCFM] SFM template import will not work for SF v17.0 Beta-1 using template forward compatibility
  • NCCC-5433 [SFM-SCFM] User cannot update any new SMTP policy after adding 127 policies
  • NCCC-5493 [SFM-SCFM] Compatibility v17: Firewall rule page shows empty feature column
  • NCCC-5504 [SFM-SCFM] Compatibility v17: Firewall rule position change is not working via drag and drop
  • NCCC-5507 [SFM-SCFM] Compatibility v17: DNAT rule does not apply on firewall devices from global view when using IP range/IP list in forward type
  • NCCC-5510 [SFM-SCFM] Device monitor in SFM shows wrong RED status for RED tunnel interface
  • NCCC-5516 [SFM-SCFM] Monitoring Dashboard show ORANGE icon for "Conn. to Central Mgt." when expecting GREEN
  • NCCC-5525 [SFM-SCFM] Compatibility v17: DNAT rule cannot be updated in some combinations of forward type
  • NCCC-5815 [SFM-SCFM] Getting 'DUPLICATE ENTRY NOT ALLOWED' while creating user from group level page
  • NCCC-5906 [SFM-SCFM] Device Level: 'In and Out bytes' under Features' icon tooltip shows as 'undefined'
  • NCCC-5919 [SFM-SCFM] IPS: User cannot add IPS Policy Rule with 'Smart Filter' option in any IPS policy
  • NCCC-5969 [SFM-SCFM] IPS Policy with rule of 'Custom Signature' pushed successfully without selected custom signatures
  • NCCC-6067 [SFM-SCFM] Alerts notification mail is not send
  • NCCC-6085 [SFM-SCFM] DoS Setting updated on custom group is not applied on SF device
  • NCCC-6098 [SFM-SCFM] 'Created Date' column is not available for 'Clientless Users'
  • NCCC-6111 [SFM-SCFM] Users and Groups can not be updated from custom group level

Downloads

You can find the firmware for your appliance from in MySophos portal.