Hi XG Community!

We've released a new build of XG Firewall 17.5 MR14-1 (17.5.14.714). Initially, the firmware will be available by manual download from the Licensing Portal. We will gradually release the firmware via auto-update to customers.

Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.

Note: The upgrade from version 17.5 MR14-1 (17.5.14.714) to 18.0 will follow soon.

Maintenance Release

  • In the previous build of v17.5 MR14, we observed an issue with websites not working after the upgrade if admin has configured a policy to block or warn “Executable Files”. This new build resolves that specific issue.

Issues Resolved in 17.5 MR14-1 (17.5.14.714)

  • NC-62619 [Web] Some websites not working after upgrade to v17.5 MR14 if admin has configured a policy to block or warn “Executable Files”.

Issues Resolved in the older release of 17.5 MR14 (17.5.14.714)

  • Provides CLI option to disable captcha authentication separately for the webadmin and user portal either globally (including WAN zone) or only on the VPN zone. Also resolves captcha authentication issue for IPv6 on LAN zone
  • Provides updated Geoip mapping database
  • NC-59129 [Authentication] Authentication Failed due to SSL VPN (MAC BINDING) - Logging does not carry any information for the cause.
  • NC-51919 [Firewall] Appliance is getting auto rebooted with Kernel dumps intermittently
  • NC-52429 [Firewall] Web admin access lost for 10+ minutes after HA fail-over in case of DNAT policy configured with FQDN
  • NC-58339 [Firewall] Local ACL Exception rule doesn't work if Any-Any drop firewall rule is created
  • NC-59063 [Firmware Management] Remove expired CAs from SFOS
  • NC-53173 [IPsec] Intermittent connection interruption to local XG IP after IPsec rekeying, when we have conflicting left and right subnets
  • NC-58091 [IPsec] Sporadically unable to connect SA's on IKEv2 S2S Tunnel
  • NC-58983 [IPsec] Intermittently incorrect IKE_SA proposal combination is being sent by XG during IKE_SA rekeying.
  • NC-59440 [IPsec] IPsec tunnel not getting reinitiated after PPPoE reconnect
  • NC-59071 [IPsec] IPsec S2S VPN tunnels partially connected or gets disconnected (Charon shows dead status)
  • NC-46109 [RED] No proper forwarding if bridging 3 or more RED s2s tunnels on an XG
  • NC-60854 [RED] Red S2S tunnel static routes disappear on firmware update
  • NC-60162 [Reporting] Internal Server Error for Web admin or user portal on XEN virtual platform
  • NC-30728 [SSLVPN] Compression settings not applied for IPv4 and IPv6 (SSLVPN remote access). Basically configuration settings for comp-lzo attribute are incorrect in the ovpn file.
  • NC-59080 [SSLVPN] Performance improvements in SSLVPN (Site to Site)
  • NC-59626 [SSLVPN] SSLVPN in busy state : HA
  • NC-59970 [SSLVPN] All the SSL VPN Live connected users get disconnected when admin change the group of one SSL VPN connected user
  • NC-58165 [Static Routing] Geoip db update
  • NC-59932 [UI Framework] Unable to login to user portal or web admin console using Internet Explorer 11
  • NC-61956 [UI Framework] WebAdmin Console/User Portal not accessible after 17.5 MR13 upgrade because space in certificate name
  • NC-56821 [Up2Date Client] SSLVPN client downloading with the 0KB in HA
  • NC-50274 [Web] Unable to block .bat files
  • NC-50710 [Web] Username is not showing up in the captive portal when the user logged in while using custom HTML template

 

Download

To manually install the upgrade, you can download the firmware from the Licensing Portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.

Parents
  • All good, just a warning to others, I was going to jump from SFOS 17.5.13 MR-13 to HW-18.0.2_MR-2.SF300-403 because email from sophos recommended so, 18.0.2 firmware was available to download from my Sophos licensing portal, while uploading new firmware to my device I noticed a small screen that flashed past my eyes in two second with text stating something about "reset to factory default!!!", keeping my figer cross I was hoping device is not restarting, I postponed that idea immediately  and went to one step up to SFOS 17.5.14-714.  So far all good with the 17.5.14-714. Sophos could you please add a warning to downloads if you don't have a migration path available from previous version!

Comment
  • All good, just a warning to others, I was going to jump from SFOS 17.5.13 MR-13 to HW-18.0.2_MR-2.SF300-403 because email from sophos recommended so, 18.0.2 firmware was available to download from my Sophos licensing portal, while uploading new firmware to my device I noticed a small screen that flashed past my eyes in two second with text stating something about "reset to factory default!!!", keeping my figer cross I was hoping device is not restarting, I postponed that idea immediately  and went to one step up to SFOS 17.5.14-714.  So far all good with the 17.5.14-714. Sophos could you please add a warning to downloads if you don't have a migration path available from previous version!

Children
No Data