Can you please advise on the following:
1. How to check the currently running version on an XG firewall? (Steps)
2. What downtime is required if this is an older version?
3. What is the impact of the upgrade on existing policies, or will it affect clients?
Information on how to check if you have hotfix 2 (for v17.5.8) is here: https://community.sophos.com/kb/en-us/134852#related%20information
What I'm not seeing is whether this affects ALL firmware versions or just 17.5.8.
Is there a way to force a hotfix update?
Also please note, on some HA pairs, if going from a much older version to v17.5.9, there's a possibility that one of the firewalls will lock up during the update, potentially taking your network down and forcing a manual reboot. I've had this happen on SEVERAL firewalls.
Come on XG team, you've announced an RCE vulnerability, but have given your customers very little to go on. Reading between the lines as Clark did, it appears that Hot Fix version 2 is what is needed on MR8? I've started spot checking some MR8 XGs we have out there, and they are on Hot Fix v1, even though auto-install of hotfixes is enabled. Can this be forced? Are the updates trickling out? Is there a workaround that can be done by disabling/ACLing certain services?
I just got off with Sophos support, it affects ALL versions of Sophos XG firmware except 17.5.9 MR9. There is no way to force a hotfix update, it's likely a rolling patch/push.
No info on what the vulnerability is. Support seems as unaware as we are and recommended upgrading production firewalls to v17.5.9 to mitigate the issue (in the middle of the day?!?!?).
I've checked all our firewalls and they are all reporting that Hot Fix 1 is installed, still no sign of Hot Fix 2. Rather than wait I thought I would upgrade to 17.5.9; however, when I run a check for new firmware on the Sophos device itself I get the message "No upgrades available". It's currently running 17.5.8.
Is anyone else having the same issue ?
New firmware isn't typically released for the XG to update to via the GUI. You can download from the MySophos portal.
Unconfirmed through official channels, but unofficially it looks like the issue is related to SSH access from the WAN. If you turn off SSH access from the WAN (which you should anyway!) then it should mitigate the vulnerability. For reference, best practice is to turn off WAN access to the admin portal, SSH and/or any items you don't actively need (SSL VPN or User Portal aside). If you absolutely need access, try to lock it down to a specific ACL.
That said, still update your firmware or watch for the hotfix to be applied. The above will help mitigate, but is NOT a fix.
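As an added example (not code from the thread, Sophos, or the XG firmware), here is a small audit script that applies the rule of thumb from the post above: nothing but SSL VPN and the User Portal should be reachable from the WAN, and any other management service still allowed from WAN must at least be ACL-restricted rather than open to the whole Internet. The rule records are a constructed, simplified representation of a device-access configuration; they are not the XG's own export format or API, so you would map your real export onto these fields before running it.

```python
"""Flag management services reachable from the WAN.

Added example. The rule format below is constructed for illustration and is
not Sophos XG's configuration export or API; map a real export onto these
fields (service, zone, allowed_from) before use.
"""
from dataclasses import dataclass
from ipaddress import ip_network

# Services the post considers reasonable to leave reachable from the WAN.
WAN_ACCEPTABLE = {"ssl_vpn", "user_portal"}
SEVERITY_RANK = {"high": 0, "medium": 1}


@dataclass
class Finding:
    service: str
    zone: str
    severity: str
    reason: str


def is_unrestricted(allowed_from):
    """True if any allowed source covers all of IPv4 or IPv6 (no real ACL)."""
    for cidr in allowed_from:
        if ip_network(cidr, strict=False).prefixlen == 0:
            return True
    return False


def audit_device_access(rules):
    """Return findings for non-VPN/portal services allowed from the WAN zone.

    high   = reachable from any source; disable it or add an ACL now
    medium = reachable but ACL-restricted; keep only if genuinely needed
    """
    findings = []
    for rule in rules:
        service = rule["service"].lower()
        zone = rule["zone"].upper()
        if zone != "WAN" or service in WAN_ACCEPTABLE:
            continue  # LAN-side access, or a service expected on the WAN
        if is_unrestricted(rule["allowed_from"]):
            findings.append(Finding(service, zone, "high",
                            "reachable from any WAN source; disable it or add an ACL"))
        else:
            findings.append(Finding(service, zone, "medium",
                            "WAN-reachable but ACL-restricted to "
                            + ", ".join(rule["allowed_from"])
                            + "; keep only if actually needed"))
    # Stable sort: worst first, original order preserved within a severity.
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


# Constructed sample: one ACL-restricted admin console, one wide-open SSH,
# acceptable WAN services, and LAN-only SSH that should not be flagged.
SAMPLE_RULES = [
    {"service": "admin_console", "zone": "WAN", "allowed_from": ["203.0.113.0/24"]},
    {"service": "ssh",           "zone": "WAN", "allowed_from": ["0.0.0.0/0"]},
    {"service": "ssl_vpn",       "zone": "WAN", "allowed_from": ["0.0.0.0/0"]},
    {"service": "ssh",           "zone": "LAN", "allowed_from": ["10.0.0.0/8"]},
    {"service": "user_portal",   "zone": "WAN", "allowed_from": ["::/0"]},
]

if __name__ == "__main__":
    for f in audit_device_access(SAMPLE_RULES):
        print(f"[{f.severity.upper()}] {f.service} on {f.zone}: {f.reason}")
```

On the sample data this reports SSH from WAN as high (open to 0.0.0.0/0) and the admin console as medium (restricted to a single /24). Treat a medium finding as a prompt to re-check that the listed networks are still the ones you actually manage from, since an ACL that has grown stale is only marginally better than none.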
Eesh, people leave management open to the WAN? Ours is limited by ACL to our networks & Sophos CFM.
What do you think you are also doing with Sophos Central Management?
CFM is also limited by ACL. Ours don't seem to talk unless we have an ACL in there. Has been that way since XG started.