Hi XG Community!

We've released XG Firewall 17.5 MR14. Initially, the firmware will be available by manual download from the Licensing Portal. We will gradually release the firmware via auto-update to customers.

Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.

Note: The upgrade from version 17.5 MR14 to 18.0 will follow soon.

Maintenance Release

  • Provides CLI option to disable captcha authentication separately for the webadmin and user portal either globally (including WAN zone) or only on the VPN zone. Also resolves captcha authentication issue for IPv6 on LAN zone
  • Provides updated Geoip mapping database
  • Many issues resolved

Important Issues Resolved

  • NC-59129 [Authentication] Authentication Failed due to SSL VPN (MAC BINDING) - Logging does not carry any information for the cause.
  • NC-51919 [Firewall] Appliance is getting auto rebooted with Kernel dumps intermittently
  • NC-52429 [Firewall] Web admin access lost for 10+ minutes after HA fail-over in case of DNAT policy configured with FQDN
  • NC-58339 [Firewall] Local ACL Exception rule doesn't work if Any-Any drop firewall rule is created
  • NC-59063 [Firmware Management] Remove expired CAs from SFOS
  • NC-53173 [IPsec] Intermittent connection interruption to local XG IP after IPsec rekeying, when we have conflicting left and right subnets
  • NC-58091 [IPsec] Sporadically unable to connect SA's on IKEv2 S2S Tunnel
  • NC-58983 [IPsec] Intermittently incorrect IKE_SA proposal combination is being sent by XG during IKE_SA rekeying.
  • NC-59440 [IPsec] IPsec tunnel not getting reinitiated after PPPoE reconnect
  • NC-59071 [IPsec] IPsec S2S VPN tunnels partially connected or gets disconnected (Charon shows dead status)
  • NC-46109 [RED] No proper forwarding if bridging 3 or more RED s2s tunnels on an XG
  • NC-60854 [RED] Red S2S tunnel static routes disappear on firmware update
  • NC-60162 [Reporting] Internal Server Error for Web admin or user portal on XEN virtual platform
  • NC-30728 [SSLVPN] Compression settings not applied for IPv4 and IPv6 (SSLVPN remote access). Basically configuration settings for comp-lzo attribute are incorrect in the ovpn file.
  • NC-59080 [SSLVPN] Performance improvements in SSLVPN (Site to Site)
  • NC-59626 [SSLVPN] SSLVPN in busy state : HA
  • NC-59970 [SSLVPN] All the SSL VPN Live connected users get disconnected when admin change the group of one SSL VPN connected user
  • NC-58165 [Static Routing] Geoip db update
  • NC-59932 [UI Framework] Unable to login to user portal or web admin console using Internet Explorer 11
  • NC-61956 [UI Framework] WebAdmin Console/User Portal not accessible after 17.5 MR13 upgrade because space in certificate name
  • NC-56821 [Up2Date Client] SSLVPN client downloading with the 0KB in HA
  • NC-50274 [Web] Unable to block .bat files
  • NC-50710 [Web] Username is not showing up in the captive portal when the user logged in while using custom HTML template

 

Download

To manually install the upgrade, you can download the firmware from the Licensing Portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.

Parents
  • If you have problems with the webfilter after upgrade to MR-14: In my case loads of websites did not load correctly. This is because in MR-14 the file types group “executeables” have been modified:

    MR-14

    application/bat,application/textedit,application/x-bat,application/x-dosexec,application/x-msdos-program,text/x-msdos-batch,text/x-shellscript

    MR-13

    application/bat,application/x-bat,application/x-msdos-program,application/textedit,application/x-dosexec

    Create a clone of the group and use the setting from MR-13 - this resolves the problem.

Comment
  • If you have problems with the webfilter after upgrade to MR-14: In my case loads of websites did not load correctly. This is because in MR-14 the file types group “executeables” have been modified:

    MR-14

    application/bat,application/textedit,application/x-bat,application/x-dosexec,application/x-msdos-program,text/x-msdos-batch,text/x-shellscript

    MR-13

    application/bat,application/x-bat,application/x-msdos-program,application/textedit,application/x-dosexec

    Create a clone of the group and use the setting from MR-13 - this resolves the problem.

Children
No Data