Good morning all,

Kindly help me check the update message below. It was an update message on my shopos X135 firewall device asking me to update the software. Please what is the implication  of this in case I go ahead with the update.

A quick response is highly appreciated.


[0:28 pm, 08/01/2022] Pastor_1960bet: UPDATE ON SOPHOS
[0:28 pm, 08/01/2022] Pastor_1960bet: A new firmware SFOS 18.5.2 MR2-Build380 is available. We strongly recommend that you upgrade the device.
SFOS 18.5.2 MR2-Build380
Maintenance Release
FIPS 140-2 certified. Crypto Module on SFOS v18.5 MR2 (and future MRs of v18.5) is now FIPS 140-2 Level 1 certified for XGS series hardware as well as SFOS running on virtual machines.
Added support for GCM and suite-B ciphers for IPSec VPN. AES-GCM for IPSec significantly improves IPsec VPN performance.
Increased ideal timeout for IPsec remote access connections up to 6 hours.
MASQ rule for Route Based IPSec (RBVPN) will now use XFRM IP instead of WAN IP in the source NAT.
Improved MFA (TOTP) Authentication Added MFA support for the admin account. Added alert notification of admin account without MFA. Streamlined MFA admin experience with easier to discover and enable MFA configuration.
Active Directory enhancements for multiple group membership. Web UI will show all the groups that the user belongs to.
Certificate enhancements. More useful information about different certificate authorities. Easily find out locally added certificates, a certificate that has private keys. Easily download a copy of the public part of any certificate so that you can check/confirm.
Troubleshooting report (CTR) enhancement. Capture full troubleshooting logs including log file rotation in the CTR. Ability to generate CTR from the backend. Eliminate UI timeout and freezing issues during CTR generation.
Introduces Sophos Assistant - a new interactive help that also makes configuration setup easier by enabling "guide me" flows.
Enabled credential free registration for Sophos Central.
Added new domains for TLS exclusion list (gotowebinar,, cdn-apple, mzstatic,,
Visual indication of ISO re-image completion status through port LEDs or on device LCM screen for XGS series hardware.
Added support for Cloudflare DDNS provider.
Global IPS Switch � A new global switch has been added to the Intrusion Prevention > IPS policies tab to enable or disable IPS. If you were previously using IPS, This switch will be set to ON automatically when migrating to v18.5 MR2.
Installation wizard now provides default option for a 2 port bridge rather than all ports in a single bridge default config earlier.
Xstream Flow Processor driver update related to performance optimizations, mandatory for XGS 4300/4500/5500/6500.
Upgraded JQuery version to 3.5.x.
Enables hardware reset on XGS 87 and 107. A long press of the hardware reset button perform a factory reset to help recover from a bad configuration.
Fixed 110+ Field reported issues.
Resolved issues
NC-61909 [API Framework] i18n config and actual config name(in tbldefaultconfigini18n) mapping issue
NC-72851 [AppFilter Policy] Importing Application filter policy (Using Import/Export option) changes the rules and list of applications within rules when any of the rule contains characteristics as cloud application.
NC-62245 [Authentication] OTP settings can't add Groups as OU
NC-66087 [Authentication] XG v18: AD Group import failing
NC-67997 [Authentication] csd service is in stopped state
NC-69111 [Authentication] Cannot export remote Users from XG
NC-70877 [Authentication] guest_user_purging opcode getting failed due to large payload size
NC-72492 [Authentication] Unable to get the password via SMS for the Guest User who already got password once.
NC-72664 [Authentication] XG not initiating request to AD server on Port 6677 after appliance reboot
NC-75783 [Authentication] LDAP authentication with anonymous login is not working
NC-75269 [Backup-Restore] Upgrade error unique index "tbllocalservicedetails_pkey"
NC-65200 [Clientless Access] No key recognition after pressing the Windows key in Clientless Access
NC-70067 [CM (Join to Cloud)] Central Registration alert does not disappear after registration
NC-68228 [Config Migration Framework] "/conf" partition is at 99%
NC-64973 [CSC] Split networks not reachable in case the definition name contains special characters
NC-67761 [CSC] System startup fails when a large number of users are included in a single firewall rule
NC-68187 [DDNS] Unknown error while generating DynDNS IP
NC-54308 [Email] HSTS not offered on port 8094
NC-54523 [Email] Yahoo email account configured in email client not working with IMAPS scanning
NC-63872 [Email] DKIM verification being applied to outbound emails and emails are getting quarantined .
NC-65198 [Email] False positive for CCL with words "credit card" in body
NC-65533 [Email] Misleading message in notification settings for external email server.
NC-65831 [Email] Same Email Displayed for different "reason" filter in mail log
NC-66068 [Email] DKIM signing not happening for Out Of Office or NDR or Bounced messages
NC-66194 [Email] High CPU utilization by mailscanner
NC-67606 [Email] Unable to update certificate in TLS smtp using API
NC-68176 [Email] Not possible to use special characters in password for external E-Mail notification server
NC-68979 [Email] Korean Language is broken in the email body which is encrypted with SPX
NC-70863 [Email] Unable to delete quarantine email
NC-71555 [Email] Getting certificate related error while accessing Outlook client with POP3 scanning rule enabled on XG.
NC-74101 [Email] Email delivery issue due to Brazilian character
NC-74791 [Email] Quarantine Digest is sending email 6 minutes earlier before the configured time
NC-69456 [Firewall] Device goes into Failsafe Mode after Backup restore (Unable to apply Firewall Framework)
NC-71595 [Firewall] DNAT rule not working when migrated from CROS > 17.5MR15
NC-74603 [Firewall] WebAdmin Denied Appliance Access Attempt log shows dst port as a custom port : 65003 instead of external port: 4444
NC-76521 [Firewall] Firewall ID doesn't display in ID column
NC-76742 [Firewall] XG goes into the failsafe after the back-up is uploaded
NC-79110 [Firewall] Failed to Restore backup from 17.5MR16 to v.18.0MR6
NC-70568 [Firmware Management] AUX executive report over email not coming on proper time
NC-67675 [HA] Systems goes into failsafe mode if an interface is added in discover mode when HA is enabled
NC-73926 [HA] Unable to access Web : HA Active-Active Load balancing
NC-74735 [HA] AUX reboots during an HA switchover
NC-75844 [HA] Traffic issues on HA Active-Active Mode
NC-75870 [HA] QuickHA page stuck and unable to stop it
NC-62120 [Interface Management] Backup restore not possible
NC-70251 [IPS Engine] IPS service dead after enabling the HA A-P
NC-79029 [IPS Engine] IPS restarting with Coredump.
NC-79943 [IPS Engine] IPS Service is dead
NC-79335 [IPS Ruleset Management] IPS enable toggle switch - loading icon
NC-79386 [IPS Ruleset Management] Wrong sig date on IPS Policy screen in Migration scenario
NC-72949 [IPS-DAQ] Print Jobs won't work with DPI engine
NC-63177 [IPS-DAQ-NSE] DPI causing trouble with SSL 2.0 client hello's
NC-69314 [IPS-DAQ-NSE] Dropped due to TLS engine error: CORRUPT_RECORD
NC-67952 [IPsec] ESP sequence number mismatch
NC-68461 [IPsec] Kernel Panic skb_copy_and_csum_bits after update to MR4
NC-68531 [IPsec] Getting error when creating remote access IPsec VPN
NC-69303 [IPsec] IPsec connection configured with Certificate fails to connect
NC-69335 [IPsec] Unable to delete IPSec Connection which is on second UI page
NC-69993 [IPsec] All IPsec Down , DGD service Stopped, Gateway Missing After 30 minutes
NC-70320 [IPsec] Unable to make changes with OUs present
NC-72920 [IPsec] XFRM packet loss on route based ipsec vpn
NC-72934 [IPsec] ChildSA disconnection issue with Idle setting enabled in Sophos Connect
NC-73703 [IPsec] Unable to connect to Sophos Connect due to incorrect PSK in KVM HA setup.
NC-74864 [IPsec] Unable to Download VPN IOS profile from User portal when Authentication mechanism is certificate for Sophos Conect.
NC-74891 [IPsec] Query and behavior about Email notification Discrepancy � V18 MR-5 HA
NC-75030 [IPsec] Charon crash in adopt_children_job.c execute
NC-75159 [IPsec] IPSec failover not working and customer has to toggle Failover Group to make tunnel up again
NC-75543 [IPsec] Tunnel is not coming up as traffic is passing via wrong interface.
NC-75990 [IPsec] IPsec tunnel not coming up until service is restarted
NC-76400 [IPsec] Apple iOS IPsec VPN Client Configuration
NC-77729 [IPsec] IPsec tunnel not getting reconnected after PPPOE reconnected
NC-77938 [IPsec] Unable to deactivate failover group
NC-62880 [Logging Framework] Sentry reported coredump in crformatter_free_data
NC-67803 [Logging Framework] Live connection page not loading
NC-72955 [Logging Framework] active.db corruption: Enhance recovery logic for tbllog_config tbllog_docsize
NC-70057 [Network Utils] Intermittent WAN connectivity issue for firewall running on Azure
NC-65567 [RED] Split networks aren't reachable anymore in case you change settings in the transparent/split mode
NC-67340 [RED] All the Red50's got disconnected
NC-68277 [RED] RED site-to-site tunnel failover doesn't always work
NC-70783 [RED] The GUI access of the Primary appliance is lost when we save RED interface.
NC-75175 [RED] Corrupt entry in tblreddevice causing red service to fail starting
NC-78401 [RED] RED keep-alive logic improvements
NC-78512 [RED] Split networks aren't reachable from RED network for one RED device
NC-70243 [Reporting] Reports stop generating after 1-Jan-21
NC-79404 [Reporting] Log Viewer is not returning results from /var/eventlogs/
NC-68324 [SDWAN Routing] FTP data connection issue with SD-WAN Policy route
NC-77289 [Security, Web] The db testpass is not always encrypted correctly
NC-68839 [SSLVPN] All users not able to download Sophos connect client from user portal
NC-70041 [SSLVPN] Incorrect Count for Remote users/connected user
NC-73617 [Static Routing] Mandatory configuration while deleting the static route through API
NC-72545 [SupportAccess] Duplicate support access id due to backup / restore
NC-68263 [UI Framework] Unable to access the GUI randomly
NC-66980 [VFP-Firewall] Kernel Panic RIP: 0xffffffffa0859718
NC-69286 [VFP-Firewall] ICMP times out when Firewall Acceleration is enabled
NC-73089 [VFP-Firewall] Ports not added to LAG
NC-77771 [VFP-Firewall] Kernal panic: unable to handle kernel paging request at ffff88036e000000
NC-60855 [Web] Unable to restore backup from CR100iNG v10.6.6 MR-5 to XG210 MR-12
NC-66966 [Web] Not able to login cpanel server with direct proxy
NC-68194 [Web] Unable to Reset Web Quota
NC-69945 [Web] Awarrenhttp is DEAD
NC-72694 [Web] SSL/TLS Inspection does not work for SMTP
NC-76041 [Web] XGS6500: AVD Thread Count anomaly observed.
NC-80658 [Web] Tomcat Internal server error because "Maximum number of DB connections exceeded"
NC-68226 [WebInSnort] Google website not opening with dpi and app control
NC-70030 [WebInSnort] Unable to show the Username using the Custom Block Page using the DPI method
NC-71216 [WebInSnort] Unable to access MS TFS hosted on LAN network through SSL VPN
NC-73800 [WebInSnort] Websites being blocked with custom Application Control policy being applied
NC-50232 [Wireless] LocalWiFi : Inbuilt Wireless Stops broadcasting
NC-62169 [Wireless] Wireless APs are not able to lease IPs in separate zone
NC-70733 [WWAN] USB Dongle Huawei E8372 not reconnecting after a Power Cycle
NC-79452 [XGS BSP] Slow upload speed XGS2100 over 1G interfaces set 100Mbps speed

Added TAGs
[edited by: emmosophos at 4:36 PM (GMT -8) on 17 Jan 2022]