Sophos Firewall OS v18.5 MR4 is Now Available

While many organizations have already upgraded to SFOS v19 to take advantage of all the great new SD-WAN, VPN, and quality-of-life improvements, we know many of you are possibly waiting for the first maintenance release for v19 before jumping in. Our team is hard at work on the first MR for v19, but in the meantime, we’ve released a nice update for v18.5 with MR4.

What’s New in SFOS v18.5 MR4:

  • Static Multicast Enhancements
    • CLI support for “multicast-decrement-ttl enable/disable” to control the TTL value in static multicast route forwarding use cases. This can prevent multicast traffic from getting dropped due to expiring TTL values at the time of forwarding.
    • Increased the default multicast group limit to 250 to support an increased number of OSPF neighbors. This can be changed via CLI “multicast-group-limit”
  • Improved log file handling and CSC logging for enhanced troubleshooting
  • Zero-Day Protection – An additional data center location for cloud-based machine learning file analysis is now available in Asia Pacific: Sydney, Australia.
  • Added QMI driver support for Cellular WAN
  • Several important security, performance, and reliability enhancements
  • Fixes 85+ field reported issues

Check out the v18.5 MR4 release notes for full details.

Of course, these new enhancements will also be included in v19 MR1 when it becomes available.

How to Get it:

The release of v18.5 MR4 follows our regular firmware release process so you can download it now from MySophos or wait until it appears in your console over the next few weeks.

Sophos Firewall OS v18.5 MR4 is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later, and all previous versions of v18.5. Please refer to the Upgrade information tab in the release notes for more details.

The Importance of Updating and Upgrading:

It is critically important for your network security that you keep all your firewall devices up to date, either on v18.5 MR4 or v19, as every release of SFOS includes important security fixes.  We know many customers have devices running old, end-of-life, and unsupported firmware releases that are putting their networks at risk – make sure you check all your Sophos Firewall devices and either update them, upgrade them, or decommission and disconnect them.

If you have XG 85(w) or XG 105(w) devices, they must be upgraded to XGS Series very soon as they are end-of-life and no longer supported as of August 17th, 2022.

Parents
  • When will v19 MR1 finally be available? The not properly working Anti-Spam is driving our customers nuts for months now. Good that you've tested this properly before releasing it btw.

  • NC-90702 has been fixed which at least results in the SASI engine actually working, but NC-93678 isn't fixed so detection rates are still low.

    I'm not expecting 19.0 MR1 to be any different - it's detection rates will be much lower than 18.5 MR2. If you need the SD-WAN improvements of 19.0, then upgrade and either burn your time with Sophos Support on getting SASI working properly or move your anti-spam processing to something that works.

Comment
  • NC-90702 has been fixed which at least results in the SASI engine actually working, but NC-93678 isn't fixed so detection rates are still low.

    I'm not expecting 19.0 MR1 to be any different - it's detection rates will be much lower than 18.5 MR2. If you need the SD-WAN improvements of 19.0, then upgrade and either burn your time with Sophos Support on getting SASI working properly or move your anti-spam processing to something that works.

Children