Related
Recommended
talex

Hi XG Community!

We've finished SFOS v17.0.8 MR8. This release is available in stages. In first stage it will be available at MySophos. We then start with a small amount of slots for v17.0 and will increase those over time. Later it will be available to v16.05 installations as well.

Update: SFOS v17.0.8 MR8 is now available to all SFOS installations. It's also available via SFM/CFM.

Notes

Issues Resolved

  • NC-27996 [Authentication] access_server coredump results in users getting logged out
  • NC-29485 [Authentication] access_server coredumps and restartings
  • NC-28033 [Base System] Packet capture and connection list issue
  • NC-28566 [Base System] Garner service restarts
  • NC-27214 [Firewall] IPsec NAT chain for all VPN tunnels gets removed if only one tunnel goes down
  • NC-29243 [Framework(UI)] Subnet creation is broken for IE11
  • NC-26151 [IPsec] IPsec connections can't always be disabled on first try
  • NC-27034 [IPsec] IKE packets lost when routed over the HA link
  • NC-28076 [IPsec] IPsec detail view has a mismatch for tunnel status
  • NC-28558 [IPsec] 'UP' Email notifications are not sent when the IPsec tunnels come up again within 1 second
  • NC-28577 [IPsec] Two IKEs for the same connections leads to a lot REKEYED connection on responder
  • NC-28795 [IPsec] Strongswan service is stuck in CSC for HA pair
  • NC-28850 [IPsec] IPsec Connection UI page hangs
  • NC-28857 [IPsec] PFS is shown as enabled in GUI although it is disabled in policy
  • NC-28909 [IPsec] Coredump generated for charon due to segmentation fault
  • NC-29043 [IPsec] CSC hangs - system becomes unresponsive
  • NC-29129 [IPsec] IPsec connection is not reestablished after PPPoE reconnect
  • NC-29242 [IPsec] Cannot configure VPNs using IE11
  • NC-29254 [IPsec] Random route deletion in IPsec with DGD
  • NC-29378 [IPsec] vpnconn_all_status_update takes continuously high cpu when IPsec VPN manage page stays open
  • NC-29834 [IPsec] Multiple IKE_SAs in CONNECTING state for the same config when peer does not respond
  • NC-29936 [IPsec] vpnconn_all_status_update can overload the system
  • NC-29995 [IPsec] IPsec paketfilter rules missing after DGD failback
  • NC-30192 [IPsec] IPsec S2S connection not initiated after DHCP interface update
  • NC-28106 [RED] RED tunnel disconnects every 24h
  • NC-29465 [Reporting] Not able to send mail digest - due to PG connections full

Downloads

You can find the firmware for your appliance from in MySophos portal.

  • >> Posted 10 May 2018 - "In first stage it will be available at MySophos. Next week, it will be available from within your device for all SFOS v17.0 installations"

    its now 10 days after the initial post and still not available from within my device. "what say you" Sophos?

  • When is SPF check coming for email protection? Spoofed emails are killing me.

  • I'm trying to upload the new firmware on a CR15iNG, but the message occurs: new firmware could not be uploaded. please refer to online help for possible reasons

    anyone else with this problem?

  • I still don't see the update available on any of the XGs I manage. When will it be available for direct download and install?

  • My recommendation for mail filtering is to buy the 10IP software license for UTM9.  You might get your sales contact to give that to you for free.  The mail filter product on the XG is abysmal and from what I understand they can't simply port everything the UTM9 does over to it.  Do not go down that road.  I tried twice and got burned both times.  The annual cost for the UTM9 Software License for 10IP Email filter only is retail like $80.  You don't need it to have full guard, network protection, or anything else.  Let the XG handle that.  But after I've done this for 5 email implementations, I've been relieved on a stress level you might imagine.

Unfiltered HTML