Sophos UTM: Decommissioning of obsolete URL categorization services CFFS.Click here for important info.

Hi XG Community!

We've finished SFOS v16.05.5 MR5. This release is available from within your device for all SFOS v16.05 installations as of now and will increase the group in a few days.

The release is available to all SFOS version via MySophos portal.

Issues Resolved

NC-14549 [API] Unable to delete a web policy
NC-16612 [API] Can not configure second WAN link on any physical interface
NC-17948 [API] Getting different autogenerated password for same guest user in HA (Primary and Auxiliary device)
NC-17955 [API] Unable to ping from ping tool in the diagnostics page
NC-18595 [API] Issues with char encoding using Sophos API
NC-16205 [Authentication] First user login not registered with firewall
NC-17493 [Authentication] Radius authentication doesn't work for Webadmin login
NC-17767 [Authentication] AD users cannot login to userportal with samAccount name plus domain information in login
NC-18282 [Authentication] Client based SSO doesn't work
NC-18630 [Authentication] AD users email addresses will be cut if the email address contains more than 64 characters
NC-18940 [Authentication] access_server crash when multiple users log in at the same time
NC-18733 [Base System, License] UTM9 to SF – Eval to full license migration fails in one of two possible user flows
NC-13297 [Base System] Appliance certificate is invalid after import .xml file.
NC-16623 [Base System] Firmware install message shows "undefined" string instead of firmware display version on GUI
NC-16660 [Base System] CCL details XML information not displaying for Sandbox Events on System Service > Log Settings
NC-17339 [Base System] Hotspot with voucher and full customization can't be created
NC-17393 [Base System] Eval registration from a SG appliance results in multiple registration requests
NC-17545 [Base System] Interface names are not correct for 4-Port 10G module with CR200iNG-XP/CR300iNG-XP appliances
NC-17753 [Base System] User not displayed in correct format in log-viewer in case of email sandbox
NC-18497 [Base System] XG Home subscription - RAM in some corner cases gets Limited to 4GB than 6GB
NC-18830 [Base System] Appliance certificate's issuer CA not present resulting in not able to download SSL client from user portal
NC-3719 [Base System] VPN IPSec connection name length increase from 50 to 100
NC-8998 [Base System] During memtest from SFLoader, units don't reboot by pressing ESC button
NC-18485 [CR-to-CN_Migration] Migration failed from CR 10.6.5-050 to SF 16.05.3-MR3
NC-17334 [Certificates] Certificate Authority can not be deleted in specific scenario
NC-13570 [Clientless Access(HTTP/HTTPS)] Clientless Web Access: Site access issue with 'Restrict Web Application ON' in policy
NC-18639 [DDNS] IP not getting updated in case of NATed IP address using Sophos DDNS
NC-15754 [Date/Time Zone] Time Zone changes for Russia
NC-13855 [Firewall] CCL link not displaying for device access from group level and device level
NC-16484 [Firewall] Kernel Panic on 'IPSET -L' when host have more than 600 IPs
NC-16819 [Firewall] Device becomes inaccessible after deleting Business Policy rule
NC-17042 [Firewall] "Log Firewall Traffic" is unchecked in firewall rule but visible in log viewer
NC-17420 [Firewall] Unable to set proxy port as 80
NC-18425 [Firewall] In WAN to LAN rule firewall drop and reject doesn't work for HTTP and HTTPS traffic
NC-18618 [Firewall] Update of custom zone shows error "Record does not exist" on zone page when "Any" interface not bound with zone
NC-18844 [Firewall] Local ACL exception rule export-import fails
NC-18880 [Firewall] Existing iptables traffic redirection chains not removed when web proxy listening port is updated
NC-18709 [HA] All timers disabled in primary appliance (HA A-A )
NC-17806 [Hotspot] Voucher creation fails if the description includes ' or " sign
NC-17878 [Hotspot] Remove TLS v1.0 and DES/3DES/RC4 cipher algorithm from Hotspot login page
NC-16862 [IPS] Default CA blank because of company name more than chars(50)
NC-17561 [IPS] AWS Upload consumes 100% CPU and goes down only when IPS is disabled
NC-18617 [IPS] IPS restarting (sometimes) while enabling ATP or on ATP policy change
NC-18208 [License] License does not update in Auxiliary appliance in case of standalone in HA Active-Passive mode
NC-18521 [License] Unable to increase virtual cores after license upgrade
NC-11596 [Mail Proxy] Vulnerability fix for CVE-2011-1473
NC-17072 [Mail Proxy] SMTP DOS max Recipients exceeds limit
NC-17311 [Mail Proxy] File filter is not working if file name is very large (i.e. 1k)
NC-17738 [Mail Proxy] SPX encrypted PDF doesn't render properly in case of very long sender address
NC-17875 [Mail Proxy] SMTP service doesn't in MTA mode after switching back and forth between MTA and Legacy Mode multiple times
NC-18353 [Mail Proxy] Image file within compressed files not being allowed with white listing
NC-18493 [Mail Proxy] SMTP service (MTA mode) doesn't deliver mails when receiving and forwarding n/w are on different IP family (ipv4/ipv6)
NC-18548 [Mail Proxy] Sender notification not send when DPP action set as accept with SPX and SPX type as specified by recipient
NC-18869 [Mail Proxy] SF failing PCI compliance on port 25 due to MTA mode responding to RC4 ciphers
NC-18958 [Mail Proxy] System files are accessible to authenticated non-admin users
NC-17781 [Network Services] Static Mac-IP binding
NC-18696 [Network Services] 4G dongle(D-Link DWM-222) not detected
NC-12852 [Networking] DHCP Relay flood customer network
NC-18828 [RED] RED15 tunnel disconnect and data traffic is higher before disconnect
NC-17846 [Reporting] Not able to get reports in case of long email sender (>256)
NC-18769 [Reporting] Records for more than 256 character for sender/receiver should be properly displayed in PDF export
NC-17978 [SSLVPN] Unable to delete bridge interface when bridge host is used in SSL VPN Site to Site
NC-18424 [SSLVPN] SSLVPN Client fails to connect if certificate character has "ã" in the certificate attributes
NC-18885 [SSLVPN] Openvpn Denial of Service due to Exhaustion of Packet-ID counter (CVE-2017-7479)
NC-18265 [Sandstorm] SFM CCL: XML API changes missing for Sandstorm activity in System > Profiles > Device Access
NC-17391 [SupportAccess] SupportAccess: UMA sometimes sends "ApuPort 0" in WebadminResponse
NC-11775 [VPN] Import for selective configuration with "include dependent entity" failed
NC-18039 [VPN] IPSec services is restarting continuously
NC-17862 [WAF] Remote users accessing the site for the web server forwarded with WAF intermittently lose access to the site
NC-18923 [WAF] Segfault for HTTP1.0 requests when cookie rewriting is enabled
NC-18395 [Web] Not getting website category in custom message for unauthenticated blocks
NC-18620 [Wireless] Unable to change the encryption to TKIP or TKIP&AES, settings are reverted back to AES after saving
NC-18623 [Wireless] Wireless clients not able to authenticate after patches applied from NC-13982
NC-18628 [Wireless] Unable to change channel_width for an AP(5GHz) from cli
NC-18698 [Wireless] Internal AP in "W" models are broadcasting the incorrect case for country code
NC-18750 [Wireless] SSIDs are suddenly not broadcasted and connections are getting dropped
NC-18792 [Wireless] LocalWiFi - failed to configure IP address on Bridge to LAN interface if configuration is done immediately
NC-18960 [Wireless] Wireless network stops broadcasting on in-built Wifi Appliance models


You can find the firmware for your appliance from in MySophos portal.

  • SSL VPN is broken.  TCP 8443 does not respond

  • Hi, everyone, since i installed SFOS 16.05.5 MR5 RC on my XG135, I have some issue : cannot not acces to some website as linkedin. I have no web policy active.

    I 'm beginner, do you have some ideas? Thanks.

  • I got XG210 with the (SFOS 16.05.5 MR-5)

    The log viewer stop working when I went to "System Services->Log Setting" selected all and hit apply. looks like no logs recorded at all even in awarrenhttp.log?

    I was trying to call customer support, spend 45min on phone talk to guy from dispatch service to take my details and create a case number???

  • Can anyone tell me what these new variables are?  I have seen them since MR-4 and I am assuming since the VoIP issues are reported as fixed since MR-4 that these might have something to do with it?  They are found in the System Console "show ips_conf"

    var SEARCH_METHOD               hyperscan

    var SIP_STATUS          enabled

    var IGNORE_CALL_CHANNEL         enabled

  • There seems to be a new issue with the attachment filter in MTA mode: even with no documents selected for blocking it strips xlsx, docx and pptx.  The only solution appears to be turning off attachment filtering.