Hi XG Community!

We've finished SFOS v17.0.3 MR3. This release is available from within your device for all SFOS v17.0 installations as of now.

Besides that, the release is available to all SFOS version via MySophos portal.

Issues Resolved

  • NC-25584 [IPsec] IPsec tunnel frequently gets disconnected after migration to v17
  • NC-25597 [IPsec] Disabling DPD has no effect
  • NC-25641 [IPsec] Improve IPsec failover behavior
  • NC-26024 [IPsec] Change default "Policy Keying Tries" to unlimited
  • NC-26032 [IPsec] Too many email notifications on connection retry
  • NC-25986 [Logging] Fixed CVE-2017-18014
  • NC-23214 [Wireless] XG105w failed to update channel width 80 MHz for 5Ghz band

Downloads

You can find the firmware for your appliance from in MySophos portal.

  • Great article. Very well explained. Thanks for the share. https://www.diebestetest.de/

  • where can we download the OS SFOS 17.0.3 MR3 version

  • Hello, SFOS-User: Some additional experiences?

    Actually our customer has a "to-SFOS-migrated" CR100-cluster, 3 cr-35 actually with SFOS 17.3mr3. The two additional Cyberoam CR25-boxes are working smooth like a swiss-knife. :) One HO- 5 BO. HubSpoke.

    We have very frustrating issues last year during the firmware-versions between v16.5 to v16mr8 with the CR100-Cluster-Boxes an v17.0 to v17.3mr3 with ALL SFOS boxes. But they won't stop... :(

    At v16.5mr5/mr8: we had to stop the CR-100-cluster - instability and internet-connection-drops or ughly slow... :(

    Shut down ATP and restart ATP kills the v16.5.mr5 - CPU hangs at 80%. Appliance-restart nessesary.

    IPsec V16/v17 Sophos cut the Phase2 algos: sha2 256 are different in v16 and v17. RSIG-tunnels: you must delete and reconfig them after v16>v17. They won't work anymore. :(

    Now:

    The vpn-engine works instable (static2dyndns, static2static): some tunnels can not re-established some can, webgui connection is dropping (message: could not connect to appliance). In some cases we had to restart the appliance, then vpn-restart is not enough. These errors appear sometimes at ALL v17.3MR3-boxes. Active: Webprotection, SophosCentral, some VPN-Rules, no Rowadwarrior.  - VPNs are established, bust crashing about 2-4 times/month.

    I'm so happy, tha I decided to route the mx-smtp-mails over an utm9.

    Actually "Next Generation Frustration FireWall" ...

  • Update failed for the latest firmware. Keeps failing.

    Thoughts?

  • If anyone has the problem with the RED tunnel problems, you can try this in the advanced console:

    service red_client:stop -d -s nosync

    service red_client:start -d -s nosync

    service red:restart -d -s nosync

    This solved me my issues till the next time the red services are diyng.

    Cheers Andreas