Related
Recommended
talex

Hi XG Community!

We've released SFOS v17.5.7 MR7 for the Sophos XG Firewall. Initially, the firmware will be available by manual download from your MySophos account. We then make the firmware available via auto-update to a number of customers, which will increase over time.

Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.

Issues Resolved in SF 17.5 MR7

  • NC-41262 [Authentication] Users randomly getting disconnected with CAA

  • NC-46466 [CaptivePortal] Connection security configuration options for Captive Portal and HTTP Proxy

  • NC-46787 [CM (Zero Touch)] Some USB pen drives fails to mount

  • NC-46750 [Dynamic Routing (PIM)] Camera recordings are missing at NVR

  • NC-46707 [Email] Exception for IP reputation and RBL works incorrectly

  • NC-43902 [Firewall] API export of service objects has the incorrect order

  • NC-45322 [Firewall] NMI backtraces

  • NC-45603 [Firewall] Legacy Mode SMTP rule with IPlist not working

  • NC-47632 [Firewall] TCP SACK PANIC - Kernel vulnerabilities

  • NC-45720 [Firmware Management] Device rebooting continuously while boot with SFOS firmware version after migration from CROS

  • NC-46658 [RED] Typo in Popup message after RED creation in German language setting

  • NC-43414 [Authentication, SSLVPN] Login restriction feature on user accounts for SSL VPN not working correctly

  • NC-45258 [SSLVPN] Wrong route is added while using static virtual IP address in SSL-VPN Site-to-Site tunnel

  • NC-46579 [Web] Unable to add sub-domain when sub-domain contains single value

  • NC-47906 [Wireless] TCP SACK PANIC - Kernel vulnerabilities on XG managed AP

Download

To manually install the upgrade, you can download the firmware from the MySophos portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.

  • I have an issue with DHCP client not receiving a gateway IP. Unchecked "use interface IP as gateway" and hard-coded the IP address and it seems to have worked (though I also downed/upped the client interface, so too many variables to confirm).

  • Skipped MR5 and MR6 and so will I with MR7... Thanks for beta testing and saving me from trouble!

  • just  updated to mr7.   I have 3 HA pairs and after applying the update i cannot ping  the secondary firewall via lan IP after the update on the one pair. one pair updated fine no issues can ping both FW's via their respective LAN IP's, and the last pair can't ping the second FW from across our  VPN tunnel,  but can the primary, if i go to  that side of the tunnel the second FW pings by the correct lan IP but if i log in and look at the interface it shows the IP of the main FW in that pair.

    what a mess.

  • Finally after installing MR7 i'm affected by this DHCP bug. Devices get an IP from XG DHCP, but there is no gateway. I had to edit DHCP settings and turning off "use interface IP as gateway" to get this base service work again.

  • You right Miroslav,

    We are still at MR3 and can not believe it how bad the quality of the firmware update has become.

    Similar to Windows 10, you now have to be afraid with every update / upgrade that the system works without a problem afterwards.

    We came from Astaro v3 on Netscreen / Palo Alto to XG and have to realize that the XG is currently not really suitable for enterprise use.

Unfiltered HTML