Sophos Firewall OS v18.5 MR2 (Build 380) is now available and includes a number of great feature enhancements, security and performance optimizations, and field-reported fixes.
We encourage all customers to update their firewall to the latest firmware release to take advantage of these new features and to ensure their firewall is performing optimally and is best protected with the latest security enhancements.
This release also contains a number of enhancements for XGS Series appliance customers:
Upgrading to 18.5 MR2 refreshes the firewall certificate that endpoints use for heartbeat with the firewall. Endpoints will need to download the refreshed certificate from Central after the firewall is upgraded to v18.5 MR2.
Please ensure that the endpoints have network connectivity so that the new certificate can be fetched from Central. If endpoints are blocked from resolving sophos.com via DNS to download the new certificate, heartbeat will start failing. For example, a "Block clients with no heartbeat" setting in a firewall rule can prevent endpoints from connecting to (internal or external) DNS servers for resolution.
Please refer to KB-000043489 for more details.
As usual, this software update is available at no charge for all licensed Sophos Firewall devices and should be applied to all supported firewall devices as soon as possible.
It will be rolled out to all connected devices over the coming days. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience. Otherwise, you can manually download the latest firmware from the Licensing Portal and update at any time.
Sophos Firewall OS v18.5 MR2 (Build 380) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later (including the latest v18 MR6) and all previous versions of v18.5. Please refer to the Upgrade information tab in the release notes for more details.
Sophos Firewall OS v19 with Xstream SD-WAN:
The early access program for SFOS v19 is just around the corner, expected to start in December. SFOS v19 introduces Xstream SD-WAN with major new enhancements to SD-WAN link performance management and routing, VPN, and networking. Be sure to watch this space for more news on this exciting release.
Sophos ZTNA as an alternative to remote access VPN:
If you’re interested in a better alternative for remote access, check out our new Zero Trust Network Access product which just started its early access program for the release candidate. It offers much better security, easier management, and a more transparent end-user experience than remote access VPN.
Sophos Firewall Product Team
The new 18.5 MR2 entirely locked me out of my XG86w firewall. I have no access to it anymore and Central says it is not connected to the internet anymore.
Why do 4 out of 5 connections to the same server fail?
That is the same behavior as this: https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogViewer/InvalidTrafficEvents/index.html
It is basically no issue of the firewall and cannot be fixed. You can disable the logging if you do not want to see this.
Maybe you have logging disabled for this type of error?