Hi XG Community!

We’ve released a maintenance release for Sophos Firewall Manager (SFM). This update contains enhancements and fixes for some open issues.

Remarks

Device reboots after upgrade.

Applicable SFM versions

Following versions can upgrade to this SFM release:

  • SFM v16.05
  • SFM v16.01 RC-1
  • SFM 15.01.0 - GA release, MR-1, MR-2, MR-3, MR-4

Compatible Sophos Firewall OS (SFOS) versions

SFM Release v16.05 MR-1 supports Firewalls running on the following Sophos Firewall OS (SFOS) versions:

  • SFOS v16.05 - RC-1, GA, MR1, MR-2, MR-3, MR-4, MR-5, MR-6
  • SFOS v16 - MR-1, MR-2
  • SFOS v15 - GA, MR-1.1, MR-2, MR-3

What's new in this release

  • Create template from firewall running on latest SFOS versions

You can now create a template in Firewall Manager by importing configuration from an XG Firewall running on SFOS version(s) released after the Firewall Manager. Refer Compatibility Document for details.

This support may not work in some cases like major workflow or structural changes in SFOS. The template created will have configuration of the features supported by the Firewall Manager.

Bug Fixes 

  • NCCC-5178 – VPN tunnel is not activated on firewall when a Template with VPN configured and tunnel activated is applied
  • NCCC-5216 – In SFM some configurations are missing in a template created by importing configuration of a managed XG firewall.
  • NCCC-5235 – XG admin password changes from Firewall Manager at group level do not apply on the firewalls running on SFOS 16.05 MR-5 and MR-6
  • NCCC-5146 – When a user adds a host in multiple host groups in SFM and synchronizes this change with XG firewall, the host is displayed only in the last host group in which it was added. 
  • NCCC-5174 – When a SSL VPN policy group added in a firewall rule on SFM is applied on a Firewall, it does not appear in the firewall
  • NCCC-5236 – When a user adds a DNAT/ Full NAT/ Load Balancing business rule in SFM and applies on XG firewall: 
    • The Create Reflexive rule gets unchecked
    • Malware Scanning section is added where Scan SMTP and Scan SMTPS are enabled.

 

Supported Platforms

  • Physical Appliances: All SFM series appliances
  • Virtual Appliance: All major VM hypervisors are supported including VMware, Microsoft HyperV, Xen, and KVM
  • Software Appliance: Any supported x86 hardware server can be converted into SFM appliance with an ISO image

Files

Firmware updates are available for manual download, via MySophos: Download from MySophos.

 

Updating your firmware

Sophos Up2Date technology makes it easy to upgrade your Sophos Firewall Manager to the latest version.

There are two ways to apply an available Up2Date package to the device:

Method 1

  • Log in to your SFM web interface.
  • Go to System & Monitor > System Settings > Maintenance > Firmware.
  • Click “Check for new Firmware” to download the latest firmware.
  • Once it is downloaded, click “Install” to begin the installation. The system will reboot and the new firmware will be installed.
  • You can roll back to the previous firmware version by clicking “Boot Firmware” for the previous firmware version. Any configuration changes made between the upgrade and roll back will be lost.

Method 2

  • Download the Up2Date package from MySophos.
  • Go to System & Monitor > System Settings > Maintenance > Firmware.
  • Select “Upload firmware” against the non-active firmware to upload the new firmware file and click “Upload & Boot”. The system will reboot and the new firmware will be installed.
  • You can roll back to the previous firmware version by clicking “Boot Firmware” for the previous firmware version. Any configuration changes made between the upgrade and roll back will be lost.

 

Feedback

  • To provide feedback or for a discussion related to SFM features, please visit our community boards. Please indicate the version at the time.
  • To provide documentation-related feedback, please write to us at nsg-documentations@sophos.com.
  • For more information related to this release, please visit our online forums.