Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
We are glad to have you on board, because your feedback will help us make the new release simply better. Your experiences with Sophos XG Firewall itself and with many different customer installations in the field will be a real benefit on our way to create a reliable SFOS v17.5 with useful new features!
Please find the complete list of installers and updates at Download Links - 17.5 EAP1 build 280 firmware and installers.pdf
Please find instructions on how to update in this KB article
Here’s a quick overview of the key new features in v17.5. For a more detailed description please refer to Sophos-XG-firewall-v17.5-whats-new.pdf
extends our Security Heartbeat automated threat isolation to prevent any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.
utilizes Security Heartbeat™ to greatly streamline authentication for user-based policy enforcement and reporting in any Active Domain network by eliminating the need for any kind of server or client agent.
such as per-user policy-based control over SafeSearch and YouTube restrictions, teacher enabled block-page overrides, and Chromebook authentication support
adds Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim which closes a couple of top requested feature differences with SG Firewall.
is enhanced with greatly expanded categories enabling you to better optimize your performance and protection.
including enhanced firewall rule grouping with automatic group assignment, a custom column selection for the log viewer; And revamped online help with learning content approach
including new IPSec failover and failback controls and SD-WAN link failback options.
gets a major update with a variety of new enhancements such as per-machine deployment, a logout option, support for wake from sleep, and MAC address sharing.
is our new IPSec VPN Client that’s free for all XG Firewall customers that makes remote VPN easy for users and supports Synchronized Security.
In addition, coming in a following Maintenance Release we have:
provides support for the new Wave 2 access points providing faster connectivity and added scalability.
for deployments where XG Firewall can’t get updates automatically via an internet connection (due to an “airgap” or physical isolation) – XG Firewall can now be updated via USB.
With v17.5, XG Firewall is also joining Sophos Central. The Early Access Program for Sophos Central Management of XG Firewall is expected to start soon.
You will be able to manage XG Firewall from within Sophos Central along with all your other Sophos Central products. And there’s a few great new features coming along with Sophos Central Management of XG Firewall:
Please post it in this forum with a detailed description and - if possible - with some details how our team can reproduce the behaviour. To increase readability we would like to ask you to use one post per issue.
Our engineering teams check the forum on a regular base.
I see mention to the garner memory issue being resolved for a RED - but has it been resolved on the firewall? With 17.1.3 I was still having the admin interface hang after login, and run very slugging which I believed to be the garner memory issue. Only resolution was reboot (or escalate and have GED implement a fix). Even restarting the garner server (service garner:restart -ds nosync) would not resolve the issue.
This was across multiple hardware firewalls.
Other than that, all looks good.
I faced one small (but nasty) issue so far. After upgrade to 17.5 Beta, Avira Pattern are not downloaded automatically.
This means if Email Protection is used, and Malware Scanning is set to DualAV or Avira, then those Mails are not getting deliverd (because AV failed).
I faced this issue on 2 Testmachines so far...
In reply to HuberChristian:
Hi thank you for your report,
In reply to Thomas the tank engine:
Thanks for reporting this in Ryan. To confirm are you experiencing the admin interface slowdown (garner memory issue) with this 17.5 EAP release?
Hi, after updating to this early release I am still seeing inconsistent display of the traffic insight widgets/components on the dashboard. Supposedly this was addressed in NC-26459 [Reporting, UI Framework] Reports for "Traffic Insight" not shown on dashboard
In reply to dakster:
I have been looking of the NTP server as mentioned here so I can point my devices at the firewall and remove the ntp rule.
but I suspect it is labelled incorrectly and should be Time?
In reply to rfcat_vk:
I was under the impression that STAS was replaced in v17.5 yet there is still a tab for it.
Thank you for the feedback.
We would need access of the appliance for the further debugging.
Contacting to you on PM.
Replaced...as in?! - haven't heard of it :-)
EDIT: Ahh because of this: community.sophos.com/.../388112
In reply to deeptibhavsar:
Not on 17.5 no (I've not rolled it out to customers, just development). I was just asking if you believe it is fixed in 17.5 as the only mention in the release notes relate to a RED device (having garner memory resolved).
Ryan (choo choo)
It will not be replaced overall but the Synchronised User ID for Central Customers is designed to be used instead of STAS.
STAS and/or NTLM must still be used for non Central customers.
Hi Ryan, just confirmed that both issue related to garner memory problems have been resolved in this EAP release. Thanks
how to get the sophos central worked as i enable it and register the device but can not find it on sophos central
In reply to MarcKamel:
Central management is not released yet pending an update to the Central Dashboard which dhould be released soon.
Installed SFOS 17.5.0 Beta-2 on a XG105W Appliance. It looks like Sophos Dynamic DNS is not functioning correctly. I get a message that the DDNS Failed the Update and that service unavailable.
A pretty basic setup with this firewall, so far everything else has been working good.