After upgrading my XG everything looked okay except then some client vpns would no longer work properly.
Also has problems installing software that pulls update files down from a server.
We had lots of issues here today, including our cellular provider going down as well so I was non-stop putting out fires and workarounds so pardon the lack of details.
Long story short, I reverted my update from 18.0.4 to .3 and things started working again.
I looked and the .4 update that broke many user functions was to fix these issues that I was not even aware of.
Maintenance Release
.
Feature enhancements
HA - Cluster performance improvements to make Fastpath perform even better in an HA (A-P) cluster environment
HA - HA upgrade experience improvement – better alert & messages
HA - HA in AWS using AWS Transit gateway
VPN - IPsec remote access Advanced options (scadmin) in XG UI
VPN - Enforce TLS 1.2 for SSLVPN S2S/RA connection
VPN - Renamed "Sophos connect client" tab
VPN - Added option to download Sophos Connect client from user portal (for MAC & Windows)
Cloud - Cloud Optix can now see XG firewall deployed on AWS
Authentication - Option to create users for RADIUS in UPN format
Synchronized Application Control - Option to auto clean up Sync App Ctrl apps older than 1 month
Web and SSLx - IWF-listed sites (child pornography) are always blocked when web categorization is performed (also in 17.5 MR15)
Security - Upgraded SSL Security
Security - Secure encryption for storing admin password hash, admin (default administrator account) will be asked to change the password, Optional but recommended
Security - Password complexity have been enabled for all the passwords
Central Management - Improved support for HA pairs
Central Management - Import settings from an XG firewall when creating a firewall group in Central
Resolved issues
NC-59149 [API Framework] CSC hangs as all 16 workers remains busy
NC-50703 [Authentication] Access server restarted with coredump using STAS and Chrome SSO
NC-54576 [Authentication] Sophos Connect connections exhausting virtual IP pool
NC-57273 [Authentication] Create users for RADIUS in UPN format
NC-59129 [Authentication] Authentication Failed due to SSL VPN (MAC BINDING) - Logging does not carry any information for the cause.
NC-61017 [AWS] AWS: TX-DRP increases constantly and affecting production traffic
NC-59574 [Base System (deprecated)] Sometimes hotfix timer is deleted
NC-58587 [Clientless Access] Clientless access service crashes
NC-59411 [DNS] Unable to add "underscore" character in DNS host entry
NC-54604 [Email] POPs/IMAPs (warren) dropping connection due to ssl cache error
NC-59897 [Email] Specific inbound mail apparently not being scanned for malware
NC-60858 [Email] PDF attachment in inbound email got stripped by XG firewall Email Protection
NC-63870 [Email] XG creates infinite connection to self on Port 25
NC-59406 [Firewall] Kernel crashed due to conntrack loop
NC-59809 [Firewall] Loopback rule not hit when created using Server access assistance (DNAT) wizard and WAN interface configured with network rather then host
NC-59929 [Firewall] Firewall Rules not visible on GUI, Page stuck on Loading
NC-60078 [Firewall] WAF: Certificate can't be edit via API/XML import
NC-61226 [Firewall] Different destination IP is shown in log viewer for Allow and Drop firewall rule when DNAT is enabled
NC-61250 [Firewall] Memory leak (snort) on XG 430 rev. 2 running SFOS v18
NC-61282 [Firewall, HA] Failed to enable HA when a New XG is replaced in place of another XG.
NC-62001 [Firewall] Kernel Panic on XG550
NC-62196 [Firewall] Policy Test for Firewall, SSL/TLS and Web with DAY does not match with Schedule rule
NC-63429 [Firewall] Kernel stack is corrupted in bitmap hostset netlink dump
NC-65492 [Firewall] User is not able to generate access code for policy override
NC-59747 [Firmware Management] Upgrade to the v18 SR4 failed on Azure
NC-58618 [FQDN] [coredump] fqdnd in Version 18.0.2
NC-62868 [HA] HA - Certificate Sync fails in Aux
NC-64269 [HA] IPv6 MAC based rule not working when traffic is load balanced to Auxiliary
NC-64907 [HA] The auxiliary appliance crashes when broadcast packet is generated from it
NC-65158 [Hotspot] Voucher Export Shows Encrypted PSKs With SSMK
NC-57661 [IPS-DAQ-NSE] [NEMSPR-98] Browser 'insecure connection' message when NSE is on but not decrypting
NC-58391 [IPS-DAQ-NSE] TLS inspection causing trouble with incoming traffic
NC-61498 [IPS-DAQ-NSE] Symantec endpoint updates URL is getting failed when DPI interfere
NC-63242 [IPS-DAQ-NSE] SSL/TLS inspection causing outbound problems with Veeam backups
NC-59774 [IPsec] Charon shows dead Status
NC-59775 [IPsec] Follow-up: Sporadic connection interruption to local XG after IPsec rekeying
NC-60361 [IPsec] Intermittently incorrect IKE_SA proposal combination is being sent by XG during IKE_SA rekeying
NC-61092 [IPsec] Strongswan not creating default route in table 220
NC-62749 [IPsec] Responder not accepting SPI values after its ISP disconnects
NC-61101 [L2TP] Symlink not created for L2TP remote access
NC-62729 [L2TP] L2TP connection on alias interface not working since update to v18
NC-59563 [Licensing] Apostrophe in email address : Unable to load the "Administration" page from System > Administration
NC-63117 [Logging Framework] Garner is core-dumping frequently
NC-61535 [Network Utils] Diagnostics / Tools / Ping utility not working with PPPoE interface
NC-62654 [nSXLd] NSXLD Coredump caused device hang
NC-59724 [RED] Back-up from v17.5 MR10 Fails to Restore on v18
NC-60081 [RED] Unable to specify Username and Password when using GSM 3G/UMTS failover
NC-60158 [RED] FQDN host Group appearing in RED configuration - Standard /split network
NC-60854 [RED] Red S2S tunnel static routes disappear on firmware update
NC-63803 [RED] FailSafe Mode After Backup Restore - Reason Unable To Start RED Service
NC-55003 [Reporting] Keyword search engine report not working
NC-59106 [Reporting] Security Audit Report missing information in "Number of Attacks by Severity Level" section
NC-60430 [Reporting] XG firewall send duplicate copies of schedule executive report
NC-60851 [Reporting] Scheduled reports won't be sent
NC-62804 [SecurityHeartbeat] Registration to central security heartbeat does not work via upstream proxy
NC-62182 [SFM-SCFM] Admin can not able to change password of SF 18.0 device from SFM/CFM device level
NC-61313 [SNMP] Memory Utilization mismatch between UI and atop/SNMP.
NC-64454 [SNMP] XG86 - /tmp partition becomes 100% full because of snmpd logs
NC-53896 [SSLVPN] Enforce TLS 1.2 on SSL VPN connections
NC-60302 [SSLVPN] All the SSL VPN Live connected users get disconnected when admin change the group of one SSL VPN connected user
NC-60184 [UI Framework] Missing HTTP Security Headers for HSTS and CSP
NC-61206 [Up2Date Client] XG Fails To Fetch hotfixes/patterns : File /conf/certificate/u2dclient.pem Missing
NC-62689 [VFP-Firewall] When fastpath (firewall-acceleration) is enabled ,traceroute will show time-out on the XG hop
NC-63783 [VFP-Firewall] Unable to start the IPS
NC-64470 [VFP-Firewall] Auto reboot/nmi_cpu_backtrace due to VFP.Disabling firewall acceleration did fix the issue
NC-63058 [VirtualAppliance] Incorrect Virtual XG Firewall Model Name Showing in GUI and CLI
NC-47994 [Web] Pattern updates for SAVI and AVIRA are failing
NC-54173 [Web] URL Group - add URL control fails on leading/trailing whitespace
NC-51888 [WebInSnort] IPP/AirPrint not accessible after upgrade software appliance firmware to 18.0 EAP1
NC-54978 [WebInSnort] When a HTTPS connection is not decrypted, the reports will show a hit to the site but no bytes sent/received
NC-62448 [WebInSnort] Core dump on Snort
NC-63515 [WebInSnort] NSE: Unsupported EC type with App control and web policy
NC-64875 [WebInSnort] HTTP Pipelining errors in DPI mode with non-pipelined traffic
The event viewer was not clear to what was happening.
Anyone else have Client VPN or Software download issues after upgrading? In particular Corel Video Studio
This thread was automatically locked due to age.
