SFOS v17.0 RC-1 Released

Hi XG Community!

We've finished SFOS v17.0.0 RC-1. This release is available from within your device for all SFOS v17.0.0 installations as of now.

Note: SFOS v16.05.8 MR8 installations can update to v17.0.0 RC-1.


New Features

  • Unified Log Viewer and More Granular Logging


  • NC-22241 [Access] Typo in access_server log line
  • NC-21857 [API] Creation of clientless users with same name fails
  • NC-21567 [Authentication] "Valdidate Server Certificate" for authentication server fails sometimes
  • NC-22220 [Authentication] Admin user can be created with the same password as the username via XMLRPC with password complexity settings enabled
  • NC-22231 [Authentication] Captive Portal incorrect Error Message using OTP settings
  • NC-21428 [Base System] License key activation not syncing automatically on wizard and licensing page
  • NC-21460 [Base System] Registration page does not open in chosen language in deferral mode - opens in English only
  • NC-21461 [Base System] CSRF token is submitted to registration pages
  • NC-22047 [Base System] Install wizard: Finish page does not redirect after reboot after updating firmware
  • NC-22065 [Base System] Segfault in csc while doing HA failover in HA A/P with dynamic interface
  • NC-22216 [Base System] Policy Test tool not working for web policy test method
  • NC-22302 [Base System] Several features are not working on registration deferral, because there is no Serialnumber
  • NC-22326 [Base System] Garner performance improvement in new log-viewer
  • NC-22290 [Clientless Access] Clientless user update failed
  • NC-22398 [CN to CN Migration] Add SFOS v16.5 MR-8 to v17.0 migration support
  • NC-19686 [Firewall] Network Rule summary text without space and missing options
  • NC-22059 [Firewall] SSL decryption should not be enabled by the wizard
  • NC-22325 [Firewall] Traffic data count shows 0 when more than 2000 rules are created
  • NC-22328 [Firewall] Traffic drop with src ip of appliance also logged as Invalid traffic
  • NC-22342 [Firewall] Firewall unresponsive once reboot the appliance after Business rule (DNAT) with rule name containing '\' is deleted
  • NC-22573 [Firewall] Unable to create Custom Zone
  • NC-22584 [Firewall] NAT rule not working for DNAT rule
  • NC-21568 [Framework(UI)] In user portal one user can view internet usage statistic of other users by injecting filter parameter
  • NC-19480 [Hotspot] Cyrillic characters won't be displayed in voucher description
  • NC-22040 [Hotspot] Hotspot update fails in case where hotspot firewall rule has GW specific default NAT configured
  • NC-21494 [IPsec] Full config import fails due to opcode 'update_DNS_configuration' failure
  • NC-21665 [IPsec] Adding IPSec connection UI page not working with IE11
  • NC-21910 [IPsec] Adding IPsec connection through IPsec wizard shows NAT-Traversal option but it is missing from main IPsec connection page
  • NC-21938 [IPsec] Remote CA certificate field does not show all CAs
  • NC-22100 [IPsec] L2TP VPN is not connecting after upgrade appliance in V17
  • NC-22138 [IPsec] No error message shown when selecting unsupported IKEv2 IPsec policy in L2TP connection
  • NC-22214 [IPsec] 'Check Peer After Every' must be 15 seconds smaller than Phase 2 'key life'
  • NC-22267 [IPsec] Saving or activating an IPsec connection shows a misleading message - Part 2
  • NC-22355 [IPsec] Keep IPsec CA configuration after migration from SFOS v16.5
  • NC-20949 [Logging] Sandstorm table empty in log viewer
  • NC-20951 [Logging] Web Content Policy table empty in log viewer
  • NC-21658 [Logging] Log viewer page title and time stamp is not set properly
  • NC-21728 [Logging] DDNS information (last updated IP, last status, updated time) not updating on DDNS page
  • NC-22079 [Logging] Log viewer page got stuck after timeout of admin session
  • NC-22228 [Logging] PUA detection logs are not available at log viewer under malware
  • NC-22237 [Logging] Log viewer shows web content policy in loading state
  • NC-21348 [Mail Proxy] Awarrensmtp service died and does not start when quarantine storage is full
  • NC-22080 [Mail Proxy] Unable to add user in clientless users in v16.05 MR-7
  • NC-21615 [Network Services] Wildcard host not visible on FQDN host filter on Add Policy Routing and Firewall page
  • NC-21731 [Network Services] Traffic is not passing from AUX when wildcard FQDN host used in firewall rule on active-active HA
  • NC-22053 [Network Services] DNS IP is not leased to client from DHCP server which is created on wizard run
  • NC-22361 [Network Services] FQDN traffic being dropped by secondary in active-active HA
  • NC-19212 [Networking] XG web admin can't show DNS query result for certain FQDN, such as svr-dc-01.mhadomain.internal
  • NC-21890 [Networking] Bridge interface update event logs are not showing
  • NC-21965 [Networking] Gateway Specific Default NAT Policy option doesn't work
  • NC-21966 [Networking] IP address of bridge ipv6 is not updated when changed via CLI
  • NC-22010 [Routing] pimd crashes when more than 31 multicast interfaces are configured
  • NC-22096 [Routing] After restoring backup of CR300iNG in XG-450 appliance VLAN interfaces for OSPF were not migrated
  • NC-21653 [SecurityHeartbeat] heartbeatd crashes when signature database is corrupt
  • NC-21813 [SecurityHeartbeat] After heartbeat registration, multiselect dropdown menu for Missing Heartbeat Zones is empty
  • NC-22055 [SecurityHeartbeat] In HA environment unregistering doesn't clear the config files on the AUX node
  • NC-22098 [SecurityHeartbeat] Improve UX of SAC Customize dialog
  • NC-22497 [SecurityHeartbeat] Migration of registration data fails due to magic IPs
  • NC-21513 [SSLVPN] Customers with '/' in the username are not able to download the SSLVPN config
  • NC-21933 [SSLVPN] SSLVPN runs on Primary and Aux in HA active-passive
  • NC-21913 [Synchronized App Control] Proper Name of Synchronized Applications is not displayed in report
  • NC-20766 [Web] Policy tester should not show content scanning rules when content scanning is disabled in firewall rule
  • NC-20799 [Web] Word contains leading or trailing symbol will make a partial CCL match
  • NC-21739 [Web] Policy tester will error out with white list urls
  • NC-21765 [Web] CCL that contains special chars in key name is not loaded by conan
  • NC-21997 [Web] Non-HTTP(S) ports in policy tester should never hit web policy rules
  • NC-22232 [Web] Upgrade Samba to address CVE-2017-12150
  • NC-22295 [Web] Not able to download PDF and ISOs from specific URLs after migrating to v17 with AV scanning
  • NC-22322 [Web] CCL validation is failed for UTF8-BOM file

Download Links

Please use the download links for later versions.


Thank you very much in advance for your effort and your cooperation!

Happy testing