NOW is v18 GA :-)

News
  • Feature Release
  • .
  • Xstream Architecture (Xstream SSL Inspection, Xstream DPI Engine, Xstream Network Flow FastPath)
  • SD-WAN Policy-based Routing enhancements, SD-WAN Application Routing and Synchronized SD-WAN
  • Sandstorm Threat Intelligence Analysis and Reporting
  • Sophos Central Firewall Reporting and Management
  • NAT Enhancements
  • Firewall Rules Management Improvements
  • Route-based VPN
  • High Availability (HA) Enhancements
  • Email or SNMP Alerts and Notifications and SNMPv3
  • Radius Timeout with Two-Factor Authentication
  • Actionable Log Viewer
  • Bridge Interface Enhancements (ARP broadcasts, Spanning Tree Protocol (STP) traffic, and filter non-IP protocols)
  • Advanced inter-VLAN routing and bridging (VLANs on Bridge)
  • Flow Monitoring Improvements
  • Interface Renaming
  • Secure Syslog and Logs in the Standard Syslog Format
  • VMware Tools (v10.3.10) Upgrade and Integration With VMware Site Recovery Manager (SRM)
  • Jumbo Frame Support
  • Enhanced DDNS Support
  • Kerberos Authentication and NTLM
  • Intelligent IPS Signature Selection
  • Browsing quotas in web policies
  • Wildcard Domain Support in WAF
  • DKIM and BATV Anti-Spam Protection
  • .
  • For more details, please refer release notes here docs.sophos.com/.../rn_NewFeatures.html
Resolved issues
  • NC-33664 [App Signature] Unable to block Psiphon
  • NC-42675 [Authentication] access_server returns ‘Login Failed’ if two awarrenhttp threads call in at same time
  • NC-44686 [Authentication] Import/export of AUTHCTA has missing and incorrect values
  • NC-48116 [Authentication] Importing users via csv file with special character in password fails
  • NC-50521 [Authentication] User group assignment issue with LDAP users
  • NC-54642 [Authentication] Authentication not working due to high CPU utilization of access_server
  • NC-50136 [Backup-Restore] ISP failover for 2 PPPoE connections is not working for local LAN systems
  • NC-51979 [Backup-Restore] Can’t reflect time zone from restoring backup file after factory resetting
  • NC-32336 [Base System (deprecated)] gpg vulnerability (CVE-2018-12020)
  • NC-42490 [Base System (deprecated)] Validation function for legacy objects does not get called
  • NC-55640 [Bridge] Firewall rule id not matching if traffic is going into wifi interface
  • NC-45935 [Certificates] Fingerprint not updated on Default CA regenerate event
  • NC-49023 [Certificates] Webproxy signing with non default certificate when using HTTPS Scanning
  • NC-54562 [Certificates] CAs are missing after update from v18 EAP2 to EAP3
  • NC-29869 [Clientless Access(HTTP/HTTPS)] “Internal Server Error” after adding many VPN bookmarks
  • NC-48516 [Config Migration Framework] Configuration migration log on console is wrong in case of failed migration
  • NC-55270 [Config Migration Framework] Report migration failed
  • NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly “No. of records Zero.”
  • NC-52857 [CSC] One time scheduler doesn’t work as expected in case of DST
  • NC-51717 [DDNS, Email] DDNS uses wrong IP when interface is configured with PPPoE + Alias
  • NC-38763 [DHCP] IP not leased to DHCP only interface when update from stateless
  • NC-38795 [DHCP] IPv6 not removed from DB while disable DHCPv6 manage flags from RA server
  • NC-38930 [DHCP] Editing DHCPv6 interface with auto configuration does not get IP from DHCPv6 server
  • NC-39157 [DHCP] DHCPv6 client option “Accept other configuration from DHCP” is not working
  • NC-50214 [DHCP] DHCP server dead with specific configuration
  • NC-51957 [Documentation] Showing fastpath load failed with command “console> system firewall-acceleration show”
  • NC-48712 [Email] Antivirus service in stopped state, cannot recover it
  • NC-51340 [Email] Mailscanner child process causing OOM events when editing blocked senders list
  • NC-51347 [Email] Error message “undefined” received when trying to add host
  • NC-51883 [Email] API error 599 when performing GetRequest for various email modules
  • NC-52212 [Email] Reject/Drop action not work correctly for oversized mails
  • NC-53016 [Email] Email Blocked Senders cannot be updated
  • NC-55138 [Email] SAVI AV update failed
  • NC-22659 [Firewall] IPtable chains not created for firewall rule whose name contains blackslash ‘\\\\\’
  • NC-30482 [Firewall] DNAT rules stop working after every reboot when migrating from UTM to SFOS
  • NC-36616 [Firewall] Firewall group not available in APIhelpdoc
  • NC-37775 [Firewall] Configuring over 20 time schedulers on the various firewall rules is causing CSC freeze
  • NC-43017 [Firewall] Full config export does not include Security Policy group
  • NC-43415 [Firewall] In the firewall rule, types of services are not translated
  • NC-48803 [Firewall] Virtual Host update is calling on every FQDN IP update even its not used in virtual host configuration
  • NC-49101 [Firewall] Group description delete issue in firewall
  • NC-49678 [Firewall] Default ICMP service not matching in policy test tool
  • NC-50222 [Firewall] Firewall rule position display is incorrect on rule deletion
  • NC-50549 [Firewall] Drop packet does not show all the information for firewall rule ID 0 drop compare to v17.5
  • NC-50712 [Firewall] NAT rules UI error
  • NC-50949 [Firewall] Wrong ARP behavior in relation to DNAT rules
  • NC-51867 [Firewall] Denied firewall logs send to garner for allowed firewall rule even if logging is disabled
  • NC-51964 [Firewall] DNAT rule stopped working after every reboot
  • NC-52395 [Firewall] Getting wrong username in admin event for firewall rule group name update
  • NC-52429 [Firewall] Web access lost for 10+ minutes after HA fail-over
  • NC-52638 [Firewall] WAF is not able to connect to webserver via IPsec tunnel
  • NC-52662 [Firewall] Continuous receiving ‘fw_fp_invalidate_microflows:459: Queueing invalidate work ffff8801ed1bb5c0’ error in syslog
  • NC-52853 [Firewall] Observed feedback channel plugin of garner core dump on XG330
  • NC-52873 [Firewall] Kernel warning message ‘RIP: 0010:tcp_send_loss_probe+0x13f/0x1c0’ observed in syslog
  • NC-53364 [Firewall] Firewall rules are not getting created correctly using XML API
  • NC-53988 [Firewall] Kernel panic on XG450 appliance
  • NC-54038 [Firewall] Wrong notification message displayed after disabling firewall rule
  • NC-55261 [Firewall] Appliance crashing with Kernel Panic
  • NC-55789 [Firewall] Ipuser ipset dumps when user is authenticated via STAS
  • NC-47482 [Firmware Management] Firmware mismatch issue – both firmware slots showing same firmware
  • NC-52441 [Firmware Management] Some time firmware ‘install’ opcode getting timeout and installation failed
  • NC-38800 [HA] Incorrect error message when configure HA A-A with DHCP interface
  • NC-39015 [HA] Unable to configure peer administration port for HA A-P when one of IP family of the interface is Dynamic IP assignment
  • NC-30485 [Import-Export Framework] Export full configuration some time fails with error – ‘The request could not be completed’
  • NC-39229 [Interface Management] XG unsynced with SFM when unbind any interface from SFM
  • NC-46514 [Interface Management] Cyberoam backup restore fails when DHCPv6 interface configured
  • NC-48450 [Interface Management] Table for interface widget is not visible in control center page
  • NC-49938 [Interface Management] Some time traffic drop in bridge mode
  • NC-48956 [IPS Engine] Modify IPS TCP Anomaly Detection setting to disabled in default setting
  • NC-53875 [IPS Engine] IPS keeps getting started because of page allocation failure
  • NC-51568 [IPS-DAQ] Coredump in snort
  • NC-52085 [IPS-DAQ] Wget not working for IPv6 sites in bridge mode – SSL decrypt not working
  • NC-53363 [IPS-DAQ] Internet traffic hang and all traffic dropped
  • NC-52641 [IPS-DAQ-NSE] IPS Service DEAD
  • NC-54310 [IPS-DAQ-NSE] CC terminals not establish a connection with server
  • NC-29370 [IPsec] Tunnel is getting established even though PFS is disabled on the VPN client side and enabled in SFOS IPsec profile
  • NC-49919 [IPsec] Dgd service stopped and unable to start
  • NC-33848 [LAG] LAG advanced options not working when LAG is member of Bridge
  • NC-40683 [LAG] LAG active mode import-export is not working
  • NC-52090 [Logging] LogViewer: “Action is not Allowed” filtering not working in detailed view
  • NC-52762 [Logging] LogViewer: system mentioned in upper case
  • NC-46114 [Logging Framework] Improper input validation and email notification after failed login (Webadmin, SSH, …)
  • NC-50127 [Logging Framework] Garner coredump in HA setup at handle_sync_input
  • NC-51942 [Logging Framework] Policy Test Tool not working if firewall rule created with destination network as country or country group
  • NC-37839 [nSXLd] Proxy authentication is not cleared after config reload
  • NC-37841 [nSXLd] Keywords are not deleted when custom web category is deleted
  • NC-54525 [RED] S2S RED tunnel doesn’t established on SFOS after EAP2 to EAP3 upgrade
  • NC-28022 [Reporting] Incomplete field names on data anonymization page
  • NC-42864 [Reporting] Reports downloaded in PDF format have logo too close to the first line in most pages
  • NC-43183 [Reporting] When data anonymization is enabled, scheduled reports are showing “Not available” instead of anonymized string
  • NC-45154 [Reporting] Cannot specify hour and minute properly in Detailed Custom Reports
  • NC-45236 [Reporting] Reports sent 1 hour later than scheduled
  • NC-46178 [Reporting] “Web Risks & Usage Visibility” not showing any data
  • NC-49273 [Reporting] Filtering on blocked user activities not working as expected
  • NC-52120 [Reporting] Daily Reports are received but it delayed by different time
  • NC-52125 [Reporting] UTQ user data is empty in SAR report but populated in GUI dashboard report
  • NC-53072 [Reporting] Events reports (Admin, Authentication and System) are not generating due to db query for insert query getting failed
  • NC-53369 [Reporting] Application Categories shown as “Unclassified”
  • NC-54177 [Reporting] UTQ not generating due to change in web categories names
  • NC-48718 [Service Object] Unable to edit service object that is assigned to a firewall rule
  • NC-47585 [SFM-SCFM] Backedup ‘central reporting’ config is not maintained after Restoring config
  • NC-53043 [SNMP] Wrong data is displayed in SNMP query for CPU usage
  • NC-47348 [SSLVPN] LogViewer logs are not generated for ssl vpn connection up or down events
  • NC-55228 [SSLVPN] Site2site – SSLVPN client in HA is not initiating connection after active node shut down
  • NC-54150 [Static Routing] Data insertion is failing if large number of connections are present and Live Connection page is loaded
  • NC-54314 [Static Routing] Negative value is displayed in upstream/downstream bandwidth column
  • NC-51673 [UI Framework] User portal redirect loop when using non-standard port
  • NC-55193 [VFP-Firewall] Port self test reboots appliance – V18 fastpath
  • NC-23045 [WAF] WAF – Increase default TLS version to v1.2
  • NC-51952 [WAF] WAF firewall rule update failed after migration from 17.5 MR8 to 18.0 EAP1
  • NC-55034 [WAF] Web server timeout of 0 leads to syntax error in reverseproxy.conf
  • NC-51156 [Web] Dynamic app filter rules which do not contain any applications is enforced for all applications in WIS
  • NC-53402 [Web] Appliance auto reboot due to OOM (out of memory)
  • NC-53709 [Web] Tiktok video not working with plain firewall rule with SSL/TLS enabled
  • NC-54421 [Web] SSLx Exception based on SAC does not work
  • NC-44346 [WWAN] Celullar WAN does not takeover again on failover
  • Any enhancements to STAS?

    How does the new Kerberos Authentication work? Does it replace STAS?

     

    Lots of bug fixes too!