Hi XG Community!

We've released SFOS v17.5.7 MR7 for the Sophos XG Firewall. Initially, the firmware will be available by manual download from your MySophos account. We then make the firmware available via auto-update to a number of customers, which will increase over time.

Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.

Issues Resolved in SF 17.5 MR7

  • NC-41262 [Authentication] Users randomly getting disconnected with CAA

  • NC-46466 [CaptivePortal] Connection security configuration options for Captive Portal and HTTP Proxy

  • NC-46787 [CM (Zero Touch)] Some USB pen drives fails to mount

  • NC-46750 [Dynamic Routing (PIM)] Camera recordings are missing at NVR

  • NC-46707 [Email] Exception for IP reputation and RBL works incorrectly

  • NC-43902 [Firewall] API export of service objects has the incorrect order

  • NC-45322 [Firewall] NMI backtraces

  • NC-45603 [Firewall] Legacy Mode SMTP rule with IPlist not working

  • NC-47632 [Firewall] TCP SACK PANIC - Kernel vulnerabilities

  • NC-45720 [Firmware Management] Device rebooting continuously while boot with SFOS firmware version after migration from CROS

  • NC-46658 [RED] Typo in Popup message after RED creation in German language setting

  • NC-43414 [Authentication, SSLVPN] Login restriction feature on user accounts for SSL VPN not working correctly

  • NC-45258 [SSLVPN] Wrong route is added while using static virtual IP address in SSL-VPN Site-to-Site tunnel

  • NC-46579 [Web] Unable to add sub-domain when sub-domain contains single value

  • NC-47906 [Wireless] TCP SACK PANIC - Kernel vulnerabilities on XG managed AP

Download

To manually install the upgrade, you can download the firmware from the MySophos portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.

Parents
  • This release entirely broke site to site routing over SSL VPN. I had to downgrade to 17.5 MR-6. Release notes state:

    NC-45258 [SSLVPN] Wrong route is added while using static virtual IP address in SSL-VPN Site-to-Site tunnel

    I need to use static virtual IP addresses. Obviously it wasn't the wrong route that was added in previous builds.

Comment
  • This release entirely broke site to site routing over SSL VPN. I had to downgrade to 17.5 MR-6. Release notes state:

    NC-45258 [SSLVPN] Wrong route is added while using static virtual IP address in SSL-VPN Site-to-Site tunnel

    I need to use static virtual IP addresses. Obviously it wasn't the wrong route that was added in previous builds.

Children
No Data