Hi XG Community!
We've finished SFOS v16.05.5 MR5. This release is available from within your device for all SFOS v16.05 installations as of now and will increase the group in a few days.
The release is available to all SFOS version via MySophos portal.
NC-14549 [API] Unable to delete a web policyNC-16612 [API] Can not configure second WAN link on any physical interfaceNC-17948 [API] Getting different autogenerated password for same guest user in HA (Primary and Auxiliary device)NC-17955 [API] Unable to ping facebook.com from ping tool in the diagnostics pageNC-18595 [API] Issues with char encoding using Sophos APINC-16205 [Authentication] First user login not registered with firewallNC-17493 [Authentication] Radius authentication doesn't work for Webadmin loginNC-17767 [Authentication] AD users cannot login to userportal with samAccount name plus domain information in loginNC-18282 [Authentication] Client based SSO doesn't workNC-18630 [Authentication] AD users email addresses will be cut if the email address contains more than 64 charactersNC-18940 [Authentication] access_server crash when multiple users log in at the same timeNC-18733 [Base System, License] UTM9 to SF – Eval to full license migration fails in one of two possible user flowsNC-13297 [Base System] Appliance certificate is invalid after import .xml file.NC-16623 [Base System] Firmware install message shows "undefined" string instead of firmware display version on GUINC-16660 [Base System] CCL details XML information not displaying for Sandbox Events on System Service > Log SettingsNC-17339 [Base System] Hotspot with voucher and full customization can't be createdNC-17393 [Base System] Eval registration from a SG appliance results in multiple registration requestsNC-17545 [Base System] Interface names are not correct for 4-Port 10G module with CR200iNG-XP/CR300iNG-XP appliancesNC-17753 [Base System] User not displayed in correct format in log-viewer in case of email sandboxNC-18497 [Base System] XG Home subscription - RAM in some corner cases gets Limited to 4GB than 6GBNC-18830 [Base System] Appliance certificate's issuer CA not present resulting in not able to download SSL client from user portalNC-3719 [Base System] VPN IPSec connection name length increase from 50 to 100NC-8998 [Base System] During memtest from SFLoader, units don't reboot by pressing ESC buttonNC-18485 [CR-to-CN_Migration] Migration failed from CR 10.6.5-050 to SF 16.05.3-MR3NC-17334 [Certificates] Certificate Authority can not be deleted in specific scenarioNC-13570 [Clientless Access(HTTP/HTTPS)] Clientless Web Access: Site access issue with 'Restrict Web Application ON' in policyNC-18639 [DDNS] IP not getting updated in case of NATed IP address using Sophos DDNSNC-15754 [Date/Time Zone] Time Zone changes for RussiaNC-13855 [Firewall] CCL link not displaying for device access from group level and device levelNC-16484 [Firewall] Kernel Panic on 'IPSET -L' when host have more than 600 IPsNC-16819 [Firewall] Device becomes inaccessible after deleting Business Policy ruleNC-17042 [Firewall] "Log Firewall Traffic" is unchecked in firewall rule but visible in log viewerNC-17420 [Firewall] Unable to set proxy port as 80NC-18425 [Firewall] In WAN to LAN rule firewall drop and reject doesn't work for HTTP and HTTPS trafficNC-18618 [Firewall] Update of custom zone shows error "Record does not exist" on zone page when "Any" interface not bound with zoneNC-18844 [Firewall] Local ACL exception rule export-import failsNC-18880 [Firewall] Existing iptables traffic redirection chains not removed when web proxy listening port is updatedNC-18709 [HA] All timers disabled in primary appliance (HA A-A )NC-17806 [Hotspot] Voucher creation fails if the description includes ' or " signNC-17878 [Hotspot] Remove TLS v1.0 and DES/3DES/RC4 cipher algorithm from Hotspot login pageNC-16862 [IPS] Default CA blank because of company name more than chars(50)NC-17561 [IPS] AWS Upload consumes 100% CPU and goes down only when IPS is disabledNC-18617 [IPS] IPS restarting (sometimes) while enabling ATP or on ATP policy changeNC-18208 [License] License does not update in Auxiliary appliance in case of standalone in HA Active-Passive modeNC-18521 [License] Unable to increase virtual cores after license upgradeNC-11596 [Mail Proxy] Vulnerability fix for CVE-2011-1473NC-17072 [Mail Proxy] SMTP DOS max Recipients exceeds limitNC-17311 [Mail Proxy] File filter is not working if file name is very large (i.e. 1k)NC-17738 [Mail Proxy] SPX encrypted PDF doesn't render properly in case of very long sender addressNC-17875 [Mail Proxy] SMTP service doesn't in MTA mode after switching back and forth between MTA and Legacy Mode multiple timesNC-18353 [Mail Proxy] Image file within compressed files not being allowed with white listingNC-18493 [Mail Proxy] SMTP service (MTA mode) doesn't deliver mails when receiving and forwarding n/w are on different IP family (ipv4/ipv6)NC-18548 [Mail Proxy] Sender notification not send when DPP action set as accept with SPX and SPX type as specified by recipientNC-18869 [Mail Proxy] SF failing PCI compliance on port 25 due to MTA mode responding to RC4 ciphersNC-18958 [Mail Proxy] System files are accessible to authenticated non-admin usersNC-17781 [Network Services] Static Mac-IP bindingNC-18696 [Network Services] 4G dongle(D-Link DWM-222) not detectedNC-12852 [Networking] DHCP Relay flood customer networkNC-18828 [RED] RED15 tunnel disconnect and data traffic is higher before disconnectNC-17846 [Reporting] Not able to get reports in case of long email sender (>256)NC-18769 [Reporting] Records for more than 256 character for sender/receiver should be properly displayed in PDF exportNC-17978 [SSLVPN] Unable to delete bridge interface when bridge host is used in SSL VPN Site to SiteNC-18424 [SSLVPN] SSLVPN Client fails to connect if certificate character has "ã" in the certificate attributesNC-18885 [SSLVPN] Openvpn Denial of Service due to Exhaustion of Packet-ID counter (CVE-2017-7479)NC-18265 [Sandstorm] SFM CCL: XML API changes missing for Sandstorm activity in System > Profiles > Device AccessNC-17391 [SupportAccess] SupportAccess: UMA sometimes sends "ApuPort 0" in WebadminResponseNC-11775 [VPN] Import for selective configuration with "include dependent entity" failedNC-18039 [VPN] IPSec services is restarting continuouslyNC-17862 [WAF] Remote users accessing the site for the web server forwarded with WAF intermittently lose access to the siteNC-18923 [WAF] Segfault for HTTP1.0 requests when cookie rewriting is enabledNC-18395 [Web] Not getting website category in custom message for unauthenticated blocksNC-18620 [Wireless] Unable to change the encryption to TKIP or TKIP&AES, settings are reverted back to AES after savingNC-18623 [Wireless] Wireless clients not able to authenticate after patches applied from NC-13982NC-18628 [Wireless] Unable to change channel_width for an AP(5GHz) from cliNC-18698 [Wireless] Internal AP in "W" models are broadcasting the incorrect case for country codeNC-18750 [Wireless] SSIDs are suddenly not broadcasted and connections are getting droppedNC-18792 [Wireless] LocalWiFi - failed to configure IP address on Bridge to LAN interface if configuration is done immediatelyNC-18960 [Wireless] Wireless network stops broadcasting on in-built Wifi Appliance models
You can find the firmware for your appliance from in MySophos portal.
SSL VPN is broken. TCP 8443 does not respond
Hi, everyone, since i installed SFOS 16.05.5 MR5 RC on my XG135, I have some issue : cannot not acces to some website as linkedin. I have no web policy active.
I 'm beginner, do you have some ideas? Thanks.
I got XG210 with the (SFOS 16.05.5 MR-5)
The log viewer stop working when I went to "System Services->Log Setting" selected all and hit apply. looks like no logs recorded at all even in awarrenhttp.log?
I was trying to call customer support, spend 45min on phone talk to guy from dispatch service to take my details and create a case number???
Can anyone tell me what these new variables are? I have seen them since MR-4 and I am assuming since the VoIP issues are reported as fixed since MR-4 that these might have something to do with it? They are found in the System Console "show ips_conf"
var SEARCH_METHOD hyperscan
var SIP_STATUS enabled
var IGNORE_CALL_CHANNEL enabled
There seems to be a new issue with the attachment filter in MTA mode: even with no documents selected for blocking it strips xlsx, docx and pptx. The only solution appears to be turning off attachment filtering.