Hi Community,

The latest maintenance release (MR15) for SFOS v17.5 is now available through the MySophos licensing portal.

Maintenance Release

  • Several security and hardening enhancements
  • SSMK (Secure Storage Master Key) for the encryption of sensitive data
  • Secure encryption for storing admin password hash
    • Admin (default administrator account) will be asked to change their password
    • Optional but highly recommended
  • Password complexity have been enabled for all the passwords

Important Issues Resolved

  • NC-61620 [Authentication] Not Able To Restore Backup From CR50iNG To XG135
  • NC-62695 [Authentication] SATC: Users Are Not Coming In Live
  • NC-58344 [Clientless Access] [SMB Bookmark] Delete file/folder with specific special characters in name, Deletes all contents of shared from smb server
  • NC-62210 [Firewall] CSC Unresponsive After Back-Up Is Uploaded From An HA Pair
  • NC-65158 [Hotspot] Voucher Export Shows Encrypted PSKs With SSMK
  • NC-62807 [IPsec] Responder Not Accepting SPI Values After Its ISP Disconnects
  • NC-63825 [PPPoE] For 17.5- PPPoE Link Does Not Reconnect After Disconnecting
  • NC-62024 [RED] XG86 /tmp Partition Fills Up
  • NC-62072 [RED] RED Log Folders Are 1 Month Behind
  • NC-63803 [RED] FailSafe Mode After Backup Restore - Reason Unable To Start RED Service
  • NC-63904 [RED] Network Tab Slow Loading Issue
  • NC-60457 [SSLVPN] Incorrect Count of Remote User's
  • NC-60863 [UI Framework] Improper Color Status In Control Center Widget
  • NC-61206 [Up2Date Client] XG Fails To Fetch hotfixes/patterns : File /conf/certificate/u2dclient.pem Missing
  • NC-63058 [VirtualAppliance] Incorrect Virtual XG Firewall Model Name Showing in GUI and CLI


To install, you can download the firmware from the Licensing Portal. Please refer to Sophos XG Firewall: How to move to a different firmware version.

Parents Comment Children
  • RED Firmware is not related to XG Firmware. You can upgrade the RED Firmware without the firmware of XG. As far as i know, there will be a new firmware for RED soon. 

  • Hi, can you explain a bit more, what are you seeing? We have an SD 60 (two actually, we replaced the hardware with a spare we had, happens with both of them) What we see is that regularly (between every few hours and a few days) the RED tunnel is still online, RED external IP pingable, but no traffic coming in from the LAN, at least it does not reach the redsX interface on the XG (18.0.3). The RED has to be rebooted.

    The Sophos case has been going on for two months. I''ve been suspecting a problem on the LAN side (maybe even a customer problem), for a while, so what you are describing sounds interesting.