Hi XG Community!
We've finished SFOS v16.05.4 MR4. This release is available from within your device for all SFOS v16.05 installations as of now and will increase the group in a few days.
The release is available to all SFOS version via MySophos portal.
NC-12352 [Authentication] It should not possible to change the password of backend userNC-16959 [Authentication] SATC client is not differentiating between usersNC-17300 [Base System, Certificates, License] During the first license sync sometimes the wrong certificate is storedNC-17701 [Base System, License] License activation screen improvementsNC-14028 [Base System] RED site-to-site tunnel disconnects permanently when quick assist is usedNC-15911 [Base System] XG not listening on port 9922 used for SAANC-16164 [Base System] Garner dies due to memory corruptionNC-16742 [Base System] Installation not possible on HP DL380G5 / DL360G5NC-16743 [Base System] Awarrenhttp, Awarrenmta, Warren services die after upgradeNC-17035 [Base System] Migration from CR 10.06.4020 to SF 16.05 MR1 failedNC-18049 [Base System] Not able to upgrade firmware from loader as 2 GB memory check failsNC-17432 [Certificates] Certificate with ID email has wrong ID after importNC-17246 [Clientless Access(HTTP/HTTPS)] URL rewrite inside HTML document not workingNC-15855 [Firewall] Adding a zone without any service failsNC-16090 [Firewall] Source port changes to random over IPSec VPNNC-16695 [Firewall] Protect > Intrusion Prevention - column name text wrapped several times in Japanese languageNC-16728 [Firewall] Display issues when editing firewall rules in Traditional and Simplified ChineseNC-17068 [Firewall] XG not forwarding IPv6 echo request which has no next header (next header=59) in IPv6 header or in extension headerNC-17069 [Firewall] No ICMPv6 parameter problem sent when receiving unrecognized/unassigned next header in IPv6 header or in extension headerNC-17350 [Firewall] IP family wise network/host validation is not done while adding local ACL rule via APINC-17459 [Firewall] App Filter (microapp enabled) causes port 443 traffic to be forwarded to proxyNC-17463 [Firewall] Upgrade from SF 15.01 MR3 to SF 16.05 GA results in factory resetNC-17519 [Firewall] Wrong country classification for IP addressNC-17730 [Firewall] "HTTP service" message displays even HTTP service not there after saving the zoneNC-17731 [Firewall] HTTPS service can be removed from zone, when accessing UI from bridge IP bound to same zoneNC-17732 [Firewall] Duplicate entry of members are seen, when editing the default zones if members are associated with itNC-16712 [Framework part of Base] HA node in failsafe mode after software upgradeNC-17259 [Framework part of Base] Unable to see live graph from WAN zone and interface infoNC-11687 [Framework(UI)] Changing system time requires reloginNC-15270 [Framework(UI)] Not able to select start date and end date for wireless time-based accessNC-1701 [Framework(UI)] TAB focus is not visible in ChromeNC-17488 [Framework(UI)] Tooltips behave strange and point to a wrong elementNC-18071 [Framework(UI)] Cannot filter for 'Rule Type' in Log ViewerNC-3965 [Framework(UI)] Cookie not reset after auto logout in userportalNC-16470 [Galileo Heartbeat] Traffic will be dropped due to Heartbeat if the client is connected to the same Network over LAN and Wifi at the same timeNC-16599 [Galileo Heartbeat] Crash of heartbeatd after "Broken Pipe"NC-15319 [HA] IPsec VPN not connecting after HA fail over through monitoring portNC-16832 [Hotspot] Minor UI inconsistency when trying to delete multiple hotspotsNC-17440 [Hotspot] Two mail notifications sent when using "Password of the day" in HANC-16639 [IDS + AppControl] Wrong risk level for Facebook Graph API and App is missing in "Very High Risk (Risk Level 5)" apps groupNC-17796 [IDS + AppControl] Not able to configure QoS policy to application category 'IM+ Android'NC-13255 [IPS] Service stopped/unregistered state after disabling firewall-acceleration in HA modeNC-15636 [IPS] Unable to start IPS service on SW/VM appliancesNC-15710 [IPS] DHCP option 67 is not working properlyNC-17245 [IPS] IPS engine is not getting reply packets in TAP modeNC-18368 [IPS] WINGc categorization not working in TAP modeNC-5474 [IPS] IRQs not set correctly with appropriate CPU for given port-affinityNC-18197 [License] Administration part of the webadmin page is inaccessibleNC-13375 [Mail Proxy] Email Quarantine only shows first part of dayNC-17346 [Mail Proxy] SPX - after registering it takes time before first message is sentNC-17804 [Mail Proxy] Incorrect total utilization value shown in SMTP quarantineNC-17920 [Mail Proxy] Network can also be selected in host list while creating SMTP policy in MTA modeNC-18044 [Mail Proxy] SMTP service restarts sometimes on high loadNC-18296 [Mail Proxy] Email address is truncated in notifications if sender address contains special charsNC-4480 [Mail Proxy] MIME filter,SMTP/S: Attachment name with i18n character is not proper in mail bodyNC-16898 [Network Services] Unable to add FQDN host using double dash (--)NC-17276 [Network Services] IPv6 SLAAC does not work according to RFCsNC-17699 [Network Services] Unable to delete bridge interface when bridge host used in SSL VPN Remote AccessNC-16275 [Networking] IPSec S2S - DHCP reply packet is not forwarded to LAN when PPPOE is enabled on WAN interfaceNC-16837 [Networking] WWAN name should be updated to cellular WANNC-6943 [Networking] PIM - Interface update from DHCP to PPPoE sets Candidate RP IP to undefinedNC-17375 [RED] DHCP server settings will be reset to default if you change anything in the RED interfaceNC-17515 [RED] Monitoring Avaibility->Display wrong colour code and tooltip status for RED statusNC-18017 [RED] RED Tunnel unstable via PPPOENC-16690 [Reporting] Double byte caracters in PDF are corruptNC-16729 [Reporting] Junk character in report PDF in Traditional Chinese languageNC-16992 [Reporting] Sandstorm records disappear after some timeNC-17330 [Reporting] Unable generate custom report with around 50000 recordsNC-17360 [Reporting] Daily report scheduling doesn't work correctly with "Send email at 24 Hours"NC-17433 [Reporting] Long title runs off at the end of the PDF page for custom reportsNC-17765 [Reporting] VPN traffic in executive repoprt shows no dataNC-16257 [Routing] OSPF multicast group limit reachedNC-17847 [SSLVPN] Wrong info message when saving global SSL VPN settingsNC-6580 [SSLVPN] Disconnecting SSL VPN connections has to take remote port into accountNC-17469 [SupportAccess] Service warning on deactivated SupportAccessNC-11118 [UI] Improve browser console for long syntaxNC-17965 [UI] Language Selection on login doesn't change the labels in the login maskNC-15815 [VPN] Incorrect IPSec configuration pushed by SFMNC-17260 [VPN] Import of configuration files not workingNC-17768 [VPN] Cannot enable Cisco VPN if last remaining user stated on VPN screen is removed from the user's screenNC-17863 [WAF] XG85 /tmp Partition is filling upNC-18010 [WAF] Fix segmentation fault in mod_xml2enc for multi-byte charsetsNC-18047 [WAF] Special characters are encoded when HTML rewrite is enabledNC-13221 [Web] Extra parameters pushed from SFM to SFOS for web settingsNC-13909 [Web] HTTPS traffic is proxied but Web Proxy is turned offNC-13960 [Web] SFOS breaks auto-update on SAV for MacNC-16693 [Web] Protect > Web some strings are cut offNC-16730 [Web] No captive portal redirection for new requested URL configured in exception with "Skip Policy Checks" actionNC-17398 [Web] Unauthenticated user is able to access the Whatsapp/Facebook applicationNC-17481 [Web] Captive Portal redirecting to empty IP addressNC-17740 [Wireless] Rogue AP scan failed in log viewerNC-18006 [Wireless] LocalWiFi - failed to configure IP address on WiFi interfaceNC-18025 [Wireless] Rogue AP Scan failed when click on "Scan Now"
You can find the firmware for your appliance from in MySophos portal.
Looking forward to testing these items, as I had all three:
NC-17740 [Wireless] Rogue AP scan failed in log viewer (in MR1 I had this turned off)
NC-18006 [Wireless] LocalWiFi - failed to configure IP address on WiFi interface (in MR 1 I had to restart the device)
NC-18025 [Wireless] Rogue AP Scan failed when click on "Scan Now" (as above)
Looks good so far..... :-)
is the Subject Alternative Name fixed in this MR? Nothing is reported about it in the RN.
Update 2 after 1 day: The IPS upate2date package 3.13.55 solved the issue for me.
Basically I had the same problem as described here: community.sophos.com/.../ips-policy-slow-after-update-to-mr2
Update: The problems seems to occur with custom selections in Platforms. After a reboot the list will be displayed after some minutes of waiting while postgres is running at 100%.
When I access the IPS signature selection screen the process postgres is starting to use one CPU at 100% for some minutes. The signatures won't be displayed at all.