Hi XG Community!
We now have SFOS v17.1.0 GA available. Here's everything you need to know.
Right now, the release is available as manual upgrade to all SFOS versions via MySophos portal.
Please see the following KBA - Sophos Firewall: How to upgrade the firmware: KBA 123285
On-the-box upgrade (new firmware available pop-up & Check for new Firmware) will be made available a little later. Also, On-the-box upgrade will be released in a staged manner i.e. increasing the staged count incrementally over time.
Check out all the enhancements in XG Firewall v17.1 including the new Cloud Application Visibility feature in our XG Firewall v17.1 demo video.
You can find the PDF of what's new here: Sophos XG Firewall v17.1 Whats New.pdf.
In case you are managing your Firewalls using SFM/CFM, Firewalls running SFOS 17.1 GA won’t accept application filter rules when applied from a device group or template. You can manage application rules from the device-level view in SFM/CFM until this limitation is addressed in SFOS 17.1 MR-1.
To manually install the upgrade, you can find the firmware for your appliance at MySophos portal. Please see the following KBA - Sophos Firewall: How to upgrade the firmware: KBA 123285.
Please note that v17.1 is not yet available for XG 85(w) devices. We expect to have support for the XG 85(w) in the next release. Thank you for your patience.
Why is 17.1 not available for XG105 devices, or any of the CR devices?
Your release notes say it's not available for XG85 but does not mention these other ones?
What about XG 105? Above it says not released to XG 85, but no download or updating from console for XG 105?
SSL VPN stop to work with error ssl3_get_record:descryption : failed or bad record mac
After upgrading this firmware, The MAC filtering rule is not working.
We ran fine for a week on 17.1 and now appears we've run back into ipsec bugs. We had a tunnel go down on its own this morning and now all we see is "parsing IKE message from <ip address> failed". No changes on either end. Interesting thing is that we had this issue on other tunnels in previous versions of XG, but it's a new issue on this specific tunnel.