SFOS v17.0 RC-1 Released

Hi XG Community!

We've finished SFOS v17.0.0 RC-1. This release is available from within your device for all SFOS v17.0.0 installations as of now.

Note: SFOS v16.05.8 MR8 installations can update to v17.0.0 RC-1.


New Features

  • Unified Log Viewer and More Granular Logging


  • NC-22241 [Access] Typo in access_server log line
  • NC-21857 [API] Creation of clientless users with same name fails
  • NC-21567 [Authentication] "Valdidate Server Certificate" for authentication server fails sometimes
  • NC-22220 [Authentication] Admin user can be created with the same password as the username via XMLRPC with password complexity settings enabled
  • NC-22231 [Authentication] Captive Portal incorrect Error Message using OTP settings
  • NC-21428 [Base System] License key activation not syncing automatically on wizard and licensing page
  • NC-21460 [Base System] Registration page does not open in chosen language in deferral mode - opens in English only
  • NC-21461 [Base System] CSRF token is submitted to registration pages
  • NC-22047 [Base System] Install wizard: Finish page does not redirect after reboot after updating firmware
  • NC-22065 [Base System] Segfault in csc while doing HA failover in HA A/P with dynamic interface
  • NC-22216 [Base System] Policy Test tool not working for web policy test method
  • NC-22302 [Base System] Several features are not working on registration deferral, because there is no Serialnumber
  • NC-22326 [Base System] Garner performance improvement in new log-viewer
  • NC-22290 [Clientless Access] Clientless user update failed
  • NC-22398 [CN to CN Migration] Add SFOS v16.5 MR-8 to v17.0 migration support
  • NC-19686 [Firewall] Network Rule summary text without space and missing options
  • NC-22059 [Firewall] SSL decryption should not be enabled by the wizard
  • NC-22325 [Firewall] Traffic data count shows 0 when more than 2000 rules are created
  • NC-22328 [Firewall] Traffic drop with src ip of appliance also logged as Invalid traffic
  • NC-22342 [Firewall] Firewall unresponsive once reboot the appliance after Business rule (DNAT) with rule name containing '\' is deleted
  • NC-22573 [Firewall] Unable to create Custom Zone
  • NC-22584 [Firewall] NAT rule not working for DNAT rule
  • NC-21568 [Framework(UI)] In user portal one user can view internet usage statistic of other users by injecting filter parameter
  • NC-19480 [Hotspot] Cyrillic characters won't be displayed in voucher description
  • NC-22040 [Hotspot] Hotspot update fails in case where hotspot firewall rule has GW specific default NAT configured
  • NC-21494 [IPsec] Full config import fails due to opcode 'update_DNS_configuration' failure
  • NC-21665 [IPsec] Adding IPSec connection UI page not working with IE11
  • NC-21910 [IPsec] Adding IPsec connection through IPsec wizard shows NAT-Traversal option but it is missing from main IPsec connection page
  • NC-21938 [IPsec] Remote CA certificate field does not show all CAs
  • NC-22100 [IPsec] L2TP VPN is not connecting after upgrade appliance in V17
  • NC-22138 [IPsec] No error message shown when selecting unsupported IKEv2 IPsec policy in L2TP connection
  • NC-22214 [IPsec] 'Check Peer After Every' must be 15 seconds smaller than Phase 2 'key life'
  • NC-22267 [IPsec] Saving or activating an IPsec connection shows a misleading message - Part 2
  • NC-22355 [IPsec] Keep IPsec CA configuration after migration from SFOS v16.5
  • NC-20949 [Logging] Sandstorm table empty in log viewer
  • NC-20951 [Logging] Web Content Policy table empty in log viewer
  • NC-21658 [Logging] Log viewer page title and time stamp is not set properly
  • NC-21728 [Logging] DDNS information (last updated IP, last status, updated time) not updating on DDNS page
  • NC-22079 [Logging] Log viewer page got stuck after timeout of admin session
  • NC-22228 [Logging] PUA detection logs are not available at log viewer under malware
  • NC-22237 [Logging] Log viewer shows web content policy in loading state
  • NC-21348 [Mail Proxy] Awarrensmtp service died and does not start when quarantine storage is full
  • NC-22080 [Mail Proxy] Unable to add user in clientless users in v16.05 MR-7
  • NC-21615 [Network Services] Wildcard host not visible on FQDN host filter on Add Policy Routing and Firewall page
  • NC-21731 [Network Services] Traffic is not passing from AUX when wildcard FQDN host used in firewall rule on active-active HA
  • NC-22053 [Network Services] DNS IP is not leased to client from DHCP server which is created on wizard run
  • NC-22361 [Network Services] FQDN traffic being dropped by secondary in active-active HA
  • NC-19212 [Networking] XG web admin can't show DNS query result for certain FQDN, such as svr-dc-01.mhadomain.internal
  • NC-21890 [Networking] Bridge interface update event logs are not showing
  • NC-21965 [Networking] Gateway Specific Default NAT Policy option doesn't work
  • NC-21966 [Networking] IP address of bridge ipv6 is not updated when changed via CLI
  • NC-22010 [Routing] pimd crashes when more than 31 multicast interfaces are configured
  • NC-22096 [Routing] After restoring backup of CR300iNG in XG-450 appliance VLAN interfaces for OSPF were not migrated
  • NC-21653 [SecurityHeartbeat] heartbeatd crashes when signature database is corrupt
  • NC-21813 [SecurityHeartbeat] After heartbeat registration, multiselect dropdown menu for Missing Heartbeat Zones is empty
  • NC-22055 [SecurityHeartbeat] In HA environment unregistering doesn't clear the config files on the AUX node
  • NC-22098 [SecurityHeartbeat] Improve UX of SAC Customize dialog
  • NC-22497 [SecurityHeartbeat] Migration of registration data fails due to magic IPs
  • NC-21513 [SSLVPN] Customers with '/' in the username are not able to download the SSLVPN config
  • NC-21933 [SSLVPN] SSLVPN runs on Primary and Aux in HA active-passive
  • NC-21913 [Synchronized App Control] Proper Name of Synchronized Applications is not displayed in report
  • NC-20766 [Web] Policy tester should not show content scanning rules when content scanning is disabled in firewall rule
  • NC-20799 [Web] Word contains leading or trailing symbol will make a partial CCL match
  • NC-21739 [Web] Policy tester will error out with white list urls
  • NC-21765 [Web] CCL that contains special chars in key name is not loaded by conan
  • NC-21997 [Web] Non-HTTP(S) ports in policy tester should never hit web policy rules
  • NC-22232 [Web] Upgrade Samba to address CVE-2017-12150
  • NC-22295 [Web] Not able to download PDF and ISOs from specific URLs after migrating to v17 with AV scanning
  • NC-22322 [Web] CCL validation is failed for UTF8-BOM file

Download Links

The update is available via update server for all installations running SFOS v17.0.0 Beta1 or Beta2. Additionally here are the links to download the ISO images as well as update packages for software and appliance installation as well as the images for virtual environments.

Type Link
Hardware Installer https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=59C16DC6-B074-4F0E-A5D8-C701FE5F610C
Hardware Update SF110 https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=EE75EA25-6F94-4C52-A8F0-003D7AFAC69B
Hardware Update SF200 https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=B78C3E7C-6E96-4201-950E-297F45E692A8
Hardware Update SF210 https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=163499D0-97B7-4B72-8A38-32A249A8F01E
Hardware Update SF300 https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=8BFA8AC0-8CE0-4FEC-B7FE-BE015C7E6CE4
Software Installer https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=47EA9BF2-86F0-4449-A0C4-4F022D1DAE9E
Software Update https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=56ECE230-9A0F-4AAD-8A7E-BA149635F0C6
HyperV Installer https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=D25C59AF-8024-48CB-867C-0400E05BE8A7
HyperV Update https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=25770DF7-5AB1-40D4-BCA7-95D49D7B1B84
KVM Installer https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=484C585E-FC6F-4746-8CF1-3A4B6938F476
KVM Update https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=5A5D799E-D5AE-4166-80AF-93EE7CED9E8A
VMWare Installer https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=3917B3DD-78D7-4C58-925F-99DDF7B35368
VMWare Update https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=480C9780-EF50-44CF-8321-8D9B55BC9DA7
XEN Installer https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=1B7AAEAF-131D-4386-87E5-CCE7BBCA5287
XEN Update https://www.sophos.com/Pages/DownloadRedirect.aspx?downloadKey=32C8B5E3-6C61-4B76-95FF-5ABB81865CBA

Thank you very much in advance for your effort and your cooperation!

Happy testing