New Sophos Support Phone Numbers in Effect July 1st, 2023

Sophos Firewall OS v18.5 MR4 is Now Available

While many organizations have already upgraded to SFOS v19 to take advantage of all the great new SD-WAN, VPN, and quality-of-life improvements, we know many of you are possibly waiting for the first maintenance release for v19 before jumping in. Our team is hard at work on the first MR for v19, but in the meantime, we’ve released a nice update for v18.5 with MR4.

What’s New in SFOS v18.5 MR4:

  • Static Multicast Enhancements
    • CLI support for “multicast-decrement-ttl enable/disable” to control the TTL value in static multicast route forwarding use cases. This can prevent multicast traffic from getting dropped due to expiring TTL values at the time of forwarding.
    • Increased the default multicast group limit to 250 to support an increased number of OSPF neighbors. This can be changed via CLI “multicast-group-limit”
  • Improved log file handling and CSC logging for enhanced troubleshooting
  • Zero-Day Protection – An additional data center location for cloud-based machine learning file analysis is now available in Asia Pacific: Sydney, Australia.
  • Added QMI driver support for Cellular WAN
  • Several important security, performance, and reliability enhancements
  • Fixes 85+ field reported issues

Check out the v18.5 MR4 release notes for full details.

Of course, these new enhancements will also be included in v19 MR1 when it becomes available.

How to Get it:

The release of v18.5 MR4 follows our regular firmware release process so you can download it now from MySophos or wait until it appears in your console over the next few weeks.

Sophos Firewall OS v18.5 MR4 is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later, and all previous versions of v18.5. Please refer to the Upgrade information tab in the release notes for more details.

The Importance of Updating and Upgrading:

It is critically important for your network security that you keep all your firewall devices up to date, either on v18.5 MR4 or v19, as every release of SFOS includes important security fixes.  We know many customers have devices running old, end-of-life, and unsupported firmware releases that are putting their networks at risk – make sure you check all your Sophos Firewall devices and either update them, upgrade them, or decommission and disconnect them.

If you have XG 85(w) or XG 105(w) devices, they must be upgraded to XGS Series very soon as they are end-of-life and no longer supported as of August 17th, 2022.

Parents Comment Children
  • Hi do you have a JIRA ID for the issue? A hotfix has already been released for 18.5 MR3 and 19.0 regarding SASI issue (NC-90702)

  • NC-90702 has been fixed which at least results in the SASI engine actually working, but NC-93678 isn't fixed so detection rates are still low.

    I'm not expecting 19.0 MR1 to be any different - it's detection rates will be much lower than 18.5 MR2. If you need the SD-WAN improvements of 19.0, then upgrade and either burn your time with Sophos Support on getting SASI working properly or move your anti-spam processing to something that works.

  • So waiting for a fix can take just forever, like everytime with sophos. Thanks for pointing that out, now have to downgrade a lot of firewalls just because Sophos is incompetent, nice.

  • It's not like I have the time to open support cases for every single firewall we manage just to let the support install a fix. It's absolutely shocking that Sophos is obviously unable to release a fix for such a serious bug in a timely manner that everyone can just install.

    Our customers are getting a lot of phishing mails that are just passing the mail protection as if it don't even exist and you guys won't release a fix for months, this is unbelivable to me and pretty sad for a company that stands for security!

  • It's just ridiculous that you dare to write something like that in your update notes, while your product is more insecure than before: "It is critically important for your network security that you keep all your firewall devices up to date"!