Hi XG Community!

We've finished SFOS v17.0.3 MR3. This release is available from within your device for all SFOS v17.0 installations as of now.

Besides that, the release is available to all SFOS versions via the MySophos portal.

Issues Resolved

  • NC-25584 [IPsec] IPsec tunnel frequently gets disconnected after migration to v17
  • NC-25597 [IPsec] Disabling DPD has no effect
  • NC-25641 [IPsec] Improve IPsec failover behavior
  • NC-26024 [IPsec] Change default "Policy Keying Tries" to unlimited
  • NC-26032 [IPsec] Too many email notifications on connection retry
  • NC-25986 [Logging] Fixed CVE-2017-18014
  • NC-23214 [Wireless] XG105w failed to update channel width 80 MHz for 5 GHz band

Downloads

You can find the firmware for your appliance in the MySophos portal.

  • I replaced the IPSEC VPNs with SSL VPNs and they are working fine.  I'd rather use IPSEC, but for others having trouble with site to site, that might work for you, too.  I can confirm that Email in MTA mode is still massively broken.  We've moved email filtering to a 10IP UTM9 virtual server - all problems evaporated.  I can write a how-to if anyone is interested.  MSRP price for that is $107 new, $104 renewal for just Email protection.  But I'd pressure anyone that sold you Email protection to give it to you for free.

  • Looks like Sophos couldn't fix the bugs; instead they created more bugs in this firmware, and I have to manually restart my 8 devices on a daily basis to get my VPN connection up. Very disappointing.

  • We still have issues with IPsec VPN in an active/passive cluster. No connection is possible. When I disable the cluster, it is working.

    With MR3 a lot of basic issues were solved with ipsec VPN, which is stable on our side now.

  • Just upgraded from 16.5.8-MR8 via 17.0.2-MR2 to 17.0.3-MR3. Seems like everything is working fine. Except of course VPN.

    IPsec-VPN with Cyberoam-Firewalls won't work unless you have activated 'SHA2 with 96-bit truncation' within the IPsec-profile.  Otherwise phase-1 will establish a connection perfectly but phase-2 obviously won't let any transfer go through. Logviewer wasn't very helpful to find this one; we had to contact our partner to solve this issue.
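Added example, not part of the comment above and not Sophos or Cyberoam code: a simplified model of why a tunnel can negotiate successfully yet pass no traffic when the two peers truncate the HMAC-SHA-256 integrity check value (ICV) differently. RFC 4868 specifies 128-bit truncation; the sketch assumes the other peer uses 96 bits, as the 'SHA2 with 96-bit truncation' setting implies. The packet layout (no IV, padding or encryption), key and payload are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(32))                      # constructed 256-bit auth key
PAYLOAD = b"constructed ciphertext bytes"   # stands in for the encrypted payload


def esp_protect(key, spi, seq, payload, icv_len):
    """Sender: SPI | sequence | payload | ICV (HMAC-SHA-256 cut to icv_len bytes)."""
    body = struct.pack("!II", spi, seq) + payload
    icv = hmac.new(key, body, hashlib.sha256).digest()[:icv_len]
    return body + icv


def esp_verify(key, packet, icv_len):
    """Receiver: treat the last icv_len bytes as the ICV and recompute it."""
    body, icv = packet[:-icv_len], packet[-icv_len:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:icv_len]
    return hmac.compare_digest(icv, expected)


def interop_matrix():
    """Map (sender_bits, receiver_bits) -> whether the packet passes the check."""
    results = {}
    for sender_bits in (96, 128):
        packet = esp_protect(KEY, 0x1000, 1, PAYLOAD, sender_bits // 8)
        for receiver_bits in (96, 128):
            results[(sender_bits, receiver_bits)] = esp_verify(
                KEY, packet, receiver_bits // 8
            )
    return results


if __name__ == "__main__":
    # Same key and same hash on both sides; only the truncation differs.
    for (tx, rx), ok in sorted(interop_matrix().items()):
        verdict = "accepted" if ok else "dropped (ICV mismatch)"
        print(f"sender {tx}-bit ICV -> receiver {rx}-bit ICV: {verdict}")
```

Because a receiver drops such packets silently at the integrity check, comparing the ICV length configured on both peers is a useful first check when a tunnel shows as established but carries no traffic.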

  • I was so stupid to upgrade to SFOS17 and so I upgraded to SFOS 17.0.3.

    My mailbox is filling up with email notifications of ipsec site to site tunnels that are down and up and down and ..

    I found out that changing to aes256/sha256 with dh5 was more stable.

    The reflex should be to create a support ticket, but when those guys tried to give support, the slowness and lack of knowledge of the product only irritated me.

    I already contacted my account person with Sophos; will see if I get a response.

    Also other issues, like the sandstorm test isn't working (www.sophos.com/.../sandstorm-test.aspx) and that when sandstorm is processing, the end user is getting an insecure https://ip-fw screen that still cannot be replaced by https://fqdn + valid cert.

    I think the quarantine has the same problem.

    Isn't it time to act for a security company to make the security products stable and secure?