Hi XG Community!
We've released XG Firewall 17.5 MR13. Initially, the firmware will be available by manual download from the Licensing Portal. We will gradually release the firmware via auto-update to customers.
Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.
Note: The upgrade from version 17.5 MR13 to 18.0 will follow soon.
To manually install the upgrade, you can download the firmware from the Licensing Portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.
Can we get the detailed notes on the Security Fixes? This is highly irregular.
Thanks for the suggestion. Bad News, v18 MR1 also has this bug. I've been trying to figure this out for several days. I have tried your suggestion, but I still am unable to get my certificate to work. Only the appliance certificate works correctly.
I also agree with others here, the quality of Sophos updates has gone way down in the past years. Actually all XG firmware has been crap in my books.
Just leaving this for anyone of applied this update and got the dreaded error trying to get back to any of the Web GUI interfaces. I had to SSH into the box, and go to: 2 - System Configuration > 4 - Reset Default Web Admin Certificate
Then you can get into the Web GUI from the LAN side. You then have to change your certificate for the Web GUI to something without a space in it. Just re-import the same commercial cert you were using but make sure the name on the cert has no spaces. Then go back to Administration > Admin Settings and set the certificate under the "Admin console and end-user interaction" to whatever you just created without spaces.
This worked for me, but wow what an issue it was. Can't wait to get on version 18 to leave some bugs behind.
We reached out to some community participants who reported the issue of PR_END_OF_FILE_ERROR. Initial analysis pointed to - certificate validation failed due certificate AddTrust External CA Root for Sectigo root CA expired on May 30th 2020. more details/ access awaited for further analysis.
- Certificate validation issues for the Sectigo root CA https://community.sophos.com/kb/en-us/135536
Sticking with MR-12 for now after seeing all these comments. MR-12 worked great on a XG135, so I'm hoping it treats an XG430 the same. Definitely a bit worried with Sophos after this problematic update with minimal change log details. This is why I'll probably hold off on v18 for a long while.