Sophos (XG) Firewall v18 Maintenance Release 6 is packed with bug fixes, troubleshooting enhancements and security fixes.

What's new in v18 MR6:

  • Resolved FragAttack Vulnerabilities recently discovered in the Wi-Fi specification for all internal and add-on Wi-Fi modules for Sophos (XG) Firewall desktop series appliances. All other updates will follow as outlined in this advisory.
  • Improved troubleshooting report (CTR) UX; eliminate UI timeout and freezing issue during CTR generation.
  • Ability to generate troubleshooting reports (CTR) from the backend.
  • Capture full troubleshooting logs including log file rotation in the troubleshooting report (CTR).
  • Improved system snapshot in troubleshooting report (CTR) - added atop, top, env other useful commands output.New Cloud Application (CASB) report

Issues resolved in v18 MR6

  • NC-70099 [Authentication] Error while accessing XG web admin
  • NC-73734 [Date/Time Zone] Reports showing wrong time zone due to /etc/timezone is not updated during restore
  • NC-69495 [Firewall] XG210 rebooting frequently [skb->sk corruption]
  • NC-69503 [Firewall, VFP-Firewall] Possible IRQ lock inversion dependency
  • NC-69558 [Firewall] XG750 v18.0.3.457 crash: tcp_v4_rcv+0xb14/0xbb0
  • NC-72153 [Firewall] VLAN on bridge with fastpath enabled does not pass traffic
  • NC-75844 [HA] Traffic issues on HA Active-Active Mode
  • NC-63177 [IPS-DAQ-NSE] DPI causing trouble with SSL 2.0 client hello's
  • NC-69344 [IPS-DAQ-NSE] Improved bandwidth of TLS connections in DPI mode by updating the TCP receive window negotiation algorithm
  • NC-64935 [IPsec] Alerts generated by Central when auxiliary unit IPsec log has REKEY event
  • NC-69335 [IPsec] Unable to delete IPSec Connection which is on second UI page
  • NC-69446 [IPsec] XFRM interface fails to get Connected and it's status becomes N/A upon a reboot when RBVPN is on Cellular WAN
  • NC-74978 [IPsec] Charon crash in send_sso
  • NC-70057 [Network Utils] Intermittent WAN connectivity issue for firewall running on Azure
  • NC-70783 [RED] The GUI access of the Primary appliance is lost when we save RED interface.
  • NC-78401 [RED] RED keep-alive logic improvements
  • NC-71333 [SDWAN Routing] Incoming VPN traffic doesn't follow SDWAN policy
  • NC-72419 [SSLVPN] SSLVPN remote access: push_reply does not include updated permitted lan networks
  • NC-77589 [UI Framework] UI times out when configuring an IPSec tunnel

More info available here: v18 MR6 release notes


Upgrade as soon as possible

While we always encourage you to keep your firewalls up to date with the latest firmware, over the next few months we are recommending you rapidly apply maintenance releases to ensure you have all the important security, performance, and feature enhancements applied as soon as possible.

Also ensure you have automatic pattern updates enabled so that you can be assured you have the latest protection updates.

Sophos (XG) Firewall v18 MR6 is an easy and fully supported upgrade from XG Firewall v17.5 MR6+ (including the latest v17.5 MR16 release). Please refer to the Upgrade information tab in the release notes for more details.

How to get it

As usual, this firmware update is no charge for all licensed XG Firewall customers. The firmware will be rolled out automatically to all systems over the coming weeks, but you can access the firmware anytime to do a manual update through the Licensing Portal.  Please refer to the documentation for more information on how to apply firmware updates.


Learning more about upgrading to XG Firewall v18

And if you still haven’t upgraded to v18, or are still exploring many of the new features, be sure to take advantage of all the resources available, including the recent “Making the Most of XG Firewall v18” article series that covers all the great new capabilities in XG Firewall v18:

Xstream architecture, DPI engine, and TLS inspection

Xstream TLS Inspection for a modern encrypted Internet

FastPath Application Acceleration and SD-WAN Routing

Zero-day threat and ransomware protection

Network address translation (NAT)

Route-based IPsec site-to-site VPN

Switching to Sophos Central for Firewall Management

Also check out our new and improved Sophos Community XG Firewall home page! Subscribe to the XG Blog for the latest news and releases, get expert answers to your technical questions, and find useful Community-created content in our "Recommended Reads" section!

Parents Comment Children
  • I think it depends on your decision to stay in 18.0 branch (which, as you can see, is still supported and getting maintenance releases) or switch to newer 18.5 version if it's available for your appliance.

    Read the support pages about Firewall software maintenance policy.

    Regarding fixes, I think it all depends on the internal priorities in Sophos. Bug fixes and vulnerability patching most likely happens in all branches, while new features will likely be implemented in 18.5 only.