Sophos Xg 18 Mr1

Posted on  by admin

Issues resolved in 18.0 MR4 build 506:

  • NC-59149 [API framework] CSC stops responding since all 16 workers remain busy.
  • NC-50703 [Authentication] Access server restarted with coredump using STAS and Chrome SSO.
  • NC-54576 [Authentication] Sophos Connect client connections exhaust the virtual IP pool.
  • NC-57273 [Authentication] Need to create users for RADIUS in UPN format.
  • NC-59129 [Authentication] Authentication fails due to SSL VPN (MAC BINDING). Logging doesn't carry any information for the cause.
  • NC-61017 [AWS] AWS: TX-DRP increases constantly and affects production traffic.
  • NC-59574 [Base System (deprecated)] Sometimes hotfix timer is deleted.
  • NC-58587 [Clientless Access] Clientless access service crashes.
  • NC-59411 [DNS] Unable to add underscore character in DNS host entry.
  • NC-54604 [Email] POPs/IMAPs (warren) dropping connection due to SSL cache error.
  • NC-59897 [Email] Specific inbound mail not being scanned for malware.
  • NC-60858 [Email] PDF attachment in inbound email got stripped by email protection.
  • NC-63870 [Email] Firewall creates infinite connections to itself on Port 25.
  • NC-59406 [Firewall] Kernel crashed due to conntrack loop.
  • NC-59809 [Firewall] Loopback rule not hit when created using server access assistance (DNAT) wizard and WAN interface configured with network rather than host.
  • NC-59929 [Firewall] Firewall rules not visible on GUI. Page stuck on loading.
  • NC-60078 [Firewall] WAF: Certificate can't be edited for API XML import.
  • NC-61226 [Firewall] Different destination IP address is shown in log viewer for Allow and Drop firewall rule when DNAT is on.
  • NC-61250 [Firewall] Memory leak (snort) on XG 430 rev. 2 running SFOS v18.
  • NC-61282 [Firewall, HA] Failed to enable HA when a new XG Firewall replaces an existing XG Firewall.
  • NC-62001 [Firewall] Kernel panic on XG 550.
  • NC-62196 [Firewall] Policy test for firewall, SSL/TLS and web with day doesn't match schedule rule.
  • NC-63429 [Firewall] Kernel stack is corrupted in bitmap hostset netlink dump.
  • NC-65492 [Firewall] User isn't able to generate access code for policy override.
  • NC-59747 [Firmware Management] Upgrade to 18.0 SR4 failed on Azure.
  • NC-58618 [FQDN] [coredump] fqdnd in Version 18.0.2.
  • NC-62868 [HA] HA - Certificate sync fails in auxiliary device.
  • NC-64269 [HA] IPv6 MAC-based rule not working when traffic is load balanced to the auxiliary device.
  • NC-64907 [HA] Auxiliary appliance crashes when broadcast packet is generated from it.
  • NC-65158 [Hotspot] Voucher export shows encrypted PSKs with secure storage master key.
  • NC-57661 [IPS-DAQ-NSE] [NEMSPR-98] Browser 'insecure connection' message when NSE is on but not decrypting.
  • NC-58391 [IPS-DAQ-NSE] TLS inspection causing trouble with incoming traffic.
  • NC-61498 [IPS-DAQ-NSE] Symantec endpoint updates URL failed when DPI interferes.
  • NC-63242 [IPS-DAQ-NSE] SSL/TLS inspection causing outbound traffic issues with Veeam backups.
  • NC-59774 [IPsec] Charon shows dead status.
  • NC-59775 [IPsec] Sporadic connection interruption to local XG Firewall after IPsec rekeying.
  • NC-60361 [IPsec] Incorrect IKE_SA proposal combination being sent intermittently by XG Firewall during IKE_SA rekeying.
  • NC-61092 [IPsec] Strongswan not creating default route in table 220.
  • NC-62749 [IPsec] Responder not accepting SPI values after its ISP disconnects.
  • NC-61101 [L2TP] Symlink not created for L2TP remote access.
  • NC-62729 [L2TP] L2TP connection on alias interface not working since update to 18.0.
  • NC-59563 [Licensing] Apostrophe in email address prevents the 'Administration' menu from loading.
  • NC-63117 [Logging Framework] Garner is core-dumping frequently.
  • NC-61535 [Network Utils] Diagnostics, tools, ping utility not working with PPPoE interface.
  • NC-62654 [nSXLd] NSXLD Coredump caused the device not to respond.
  • NC-59724 [RED] Backup from 17.5 MR10 doesn't restore on 18.0.
  • NC-60081 [RED] Unable to specify username and password when using GSM 3G/UMTS failover.
  • NC-60158 [RED] FQDN host group appearing in RED standard-split network configuration.
  • NC-60854 [RED] RED S2S tunnel static routes disappear on firmware update.
  • NC-63803 [RED] FailSafe mode after backup restore. Unable to start RED service.
  • NC-55003 [Reporting] Keyword search engine report not working.
  • NC-59106 [Reporting] Security Audit Report (SAR) missing information under 'Number of attacks by severity level'.
  • NC-60430 [Reporting] XG Firewall sends duplicate copies of schedule executive report.
  • NC-60851 [Reporting] Scheduled reports aren't sent.
  • NC-62804 [SecurityHeartbeat] Registration to central security heartbeat doesn't work through upstream proxy.
  • NC-62182 [SFM-SCFM] Administrator unable to change password of 18.0 device from SFM/CFM.
  • NC-61313 [SNMP] Memory utilization mismatch between UI and atop/SNMP.
  • NC-64454 [SNMP] XG 86: /tmp partition becomes 100 per cent full due to snmpd logs.
  • NC-53896 [SSLVPN] Enforce TLS 1.2 on SSL VPN connections.
  • NC-60302 [SSLVPN] All the SSL VPN live connected users get disconnected when administrator changes the group of a single SSL VPN connected user.
  • NC-60184 [UI Framework] Missing HTTP security headers for HSTS and CSP.
  • NC-61206 [Up2Date Client] Firewall fails to fetch hotfixes and ppatterns: File /conf/certificate/u2dclient.pem missing.
  • NC-62689 [VFP-Firewall] When FastPath (firewall-acceleration) is on, traceroute shows time-out on the XG Firewall hop.
  • NC-63783 [VFP-Firewall] Unable to start IPS.
  • NC-64470 [VFP-Firewall] Auto reboot/nmi_cpu_backtrace due to VFP. Turning off firewall acceleration fixed the issue.
  • NC-63058 [VirtualAppliance] Incorrect virtual XG Firewall model name appears in GUI and CLI.
  • NC-47994 [Web] Pattern updates for SAVI and AVIRA are failing.
  • NC-54173 [Web] URL Group: Add URL control fails when there's leading or trailing white space.
  • NC-51888 [WebInSnort] IPP/AirPrint not accessible after upgrade of software appliance firmware to 18.0 EAP1.
  • NC-54978 [WebInSnort] When an HTTPS connection isn't decrypted, reports show a hit to the site but no bytes are sent or received.
  • NC-62448 [WebInSnort] Core dump on Snort.
  • NC-63515 [WebInSnort] NSE: Unsupported EC type with application control and web policy.
  • NC-64875 [WebInSnort] HTTP pipelining errors in DPI mode with non-pipelined traffic.
  • NC-60615 [Firmware] Ambiguous alert shown during firmware upgrade to 18.0 MR1 for HA.
  • NC-59809 [NAT] Loopback rule created using server access assistant and WAN interface configured with network not matched.
  • NC-61507 and NC-52716 [Route-based VPN] XFRM traffic dropped when there's a NAT MASQ rule on the listening interface.
Sophos

Issues resolved in 18.0 MR3 build 457:

We updated manually from 17.5.13 to 18.0.1 without issue on an XG 210. It was brand new out of the box, automatically updated to 17.5.13 and then we manually uploaded and updated to 18.0.1, all settings we had put in place before updating were there. Overview This knowledge base article provides information on the retirement of network security hardware products (Sophos SG UTM, XG Firewall, Wireless, RED) and software support. Sophos heeft nieuwe versies vrijgegeven van zijn XG Firewall met 17.5 MR12 en 18.0 GA-Build379 als versienummers. Deze software wordt zowel op fysieke hardware als in een soft-appliance voor. That was one of my next things to try. Will see if this works. We’ve got a training system setup where our main office system has VLANs for each engineer where we forward all traffic from an external ip to an up on that vlan, then on the training system we install Sophos xg as firewall and it’s wan port is on that vlan. In this video, Jelan from Sophos Support shows you how to set up SSL VPN Remote User access on the XG Firewall.-Click Show More to vi.

  • NC-58229 [Authentication] Failing Sophos AV and Avira AV pattern updates.
  • NC-51876 [Core Utils] Weak SSHv2 key exchange algorithms.
  • NC-58144 [DNS] XG Firewall reporting its own lookups in ATP causing a flood of events.
  • NC-54542 [Email] Email banner added to incoming emails.
  • NC-59396 [Email] Blocked senders able to send emails.
  • NC-58159 [Firewall] Unable to ping external IP addresses from the auxiliary appliance console.
  • NC-58356 [Firewall] Direct proxy traffic doesn't work when RBVPN is configured.
  • NC-58402 [Firewall] Firewall restarts randomly.
  • NC-59399 [Firewall] ERROR(0x03): Failed to migrate configuration. Loading the default configuration.
  • NC-60713 [Firewall] User portal hotspot voucher configuration times out.
  • NC-60848 [Firewall] HA cluster: Both devices restart unexpectedly.
  • NC-59063 [Firmware Management] Remove expired CAs from SFOS.
  • NC-44455 [HA] System-originated traffic not flowing from the auxiliary device when SNAT policy is configured for system-originated traffic.
  • NC-62850 [HA] Filesystem anomaly in /conf.
  • NC-58295 [IPsec] Dropped due to TLS engine error: STREAM_INTERFACE_ERROR.
  • NC-58416 [IPsec] IKE SA re-keying doesn't re-initiate itself after re-transmission time-out of 5 attempts.
  • NC-58499 [IPsec] Sophos Connect client 'IP is supposed to be added in the ##ALL_IPSEC_RW'.
  • NC-58687 [IPsec] IPsec tunnel not re-initiated after PPPoE reconnect.
  • NC-58075 [Netflow/IPFIX] Netflow data not sending interface ID.
  • NC-55698 [nSXLd] Unable to add new domain in custom category.
  • NC-62029 [PPPoE] PPPoE link doesn't reconnect after disconnecting.
  • NC-57819 [RED] XG Site-to-site RED tunnel disconnects randomly with 17.5.MR10 and 18.0.
  • NC-60240 [RED] Interfaces page is blank after adding SD-RED 60 with PoE selected.
  • NC-61509 [RED] RCA site-to-site RED tunnel static routes disappear with firewall update.
  • NC-59204 [SFM-SCFM] Task queue pending but never applies with XG 86W appliance.
  • NC-60599 [SFM-SCFM] Task queue pending but never applies because of improper encoding.
  • NC-62304 [SFM-SCFM] Notification email sent from XG Firewall shows the wrong Sophos Central administrator.
  • NC-61956 [UI Framework] Web admin console and user portal not accessible because of space issue in certificate name.
  • NC-62218 [UI Framework] Post-auth command injection through the user portal 1/2 (CVE-2020-17352).
  • NC-62222 [UI Framework] Post-auth command injection through the user portal 2/2 (CVE-2020-17352).
  • NC-58960 [Up2Date Client] HA: IPS service observed DEAD.
  • NC-59064 [Web] Appliance becomes unresponsive: awarrenhttp high memory consumption.
  • NC-60719 [WebInSnort] DPI engine intermittently causing website to load slowly.
  • NC-61367 [CAPTCHA] CAPTCHA issue for IPv6 on LAN zone is resolved.
  • NC-58463 [Sandbox]: Firewall changes data centers losing job results.

Issues resolved in 18.0 MR1 build 396:

  • NC-30903 [Authentication] STAS configuration can be edited through the GUI on AUX machine.
  • NC-50703 [Authentication] Access server restarted with coredump using STAS and Chrome SSO.
  • NC-50716 [Authentication] Cannot import LDAP server through the XMLAPI if client certificate is 'None'.
  • NC-54689 [Authentication] Support download certificate for iOS 13 and above.
  • NC-55277 [Authentication] Service 'Chromebook SSO' is missing on Zone page.
  • NC-51660 [Backup-Restore] Restore failed using a backup of XG135 on SG230 appliance.
  • NC-55015 [Bridge] Wi-Fi zone is not displayed while creating bridge.
  • NC-55356 [Bridge] TCP connection fails for VLAN on bridge with HA Active-Active when source_client IP address is odd.
  • NC-52616 [Certificates] Add support for uploading of CRLs in DER format.
  • NC-55739 [Certificates] EC certificate shows up as 'RSA' in SSLx CA certificate drop-down list.
  • NC-55305 [CM (Zero Touch)] System doesn't restart on changing time zone when configured through ZeroTouch.
  • NC-55617 [CM (Zero Touch)] Wrong error message in log viewer after ZeroTouch process.
  • NC-55909 [Core Utils] Unable to see application object page on SFM.
  • NC-30452 [CSC] Dynamic interface addresses not showing on AUX after failover.
  • NC-55386 [Dynamic Routing (PIM)] PIM-SM import fails with LAG as dependent entity.
  • NC-55625 [Dynamic Routing (PIM)] In HA with multicast interface, routes are not getting updated in the AUX routing table.
  • NC-55461 [Email] After adding or editing FQDN host with smarthost, it is not displayed on the list until the page is refreshed.
  • NC-58898 [Email] Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503).
  • NC-55635 [Firewall] Display filter for forwarded traffic is not working properly on packet capture page.
  • NC-55657 [Firewall] HA backup restore fails when port name is different in backup and appliance.
  • NC-55884 [Firewall] IPS policy ID and appfilter ID not displaying in firewall allow log in the log viewer.
  • NC-55943 [Firewall] Failed to resume existing connection after removal of heartbeat from firewall configuration.
  • NC-57084 [Firewall] Custom DMZ not listed in dedicated link HA configuration.
  • NC-44938 [Firmware Management, UX] Web UI does not show reasons for firmware upload failure.
  • NC-55756 [Gateway Management] Gateway isn't deleted from SFM UI after being deleted from SFM.
  • NC-55552 [HA] WWAN interface showing in HA monitoring ports.
  • NC-55281 [Import-Export Framework] Full configuration import fails when using third-party certificate for webadmin setting.
  • NC-55171 [Interface Management] VLAN Interface IP is not assigned via DHCP when gateway name uses some special characters.
  • NC-55442 [Interface Management] DNS name lookup showing incorrect message.
  • NC-55462 [Interface Management] Import fails on configuring Alias over VLAN.
  • NC-55659 [Interface Management] Invalid gateway IP and network IP configured using API for IPv6.
  • NC-56733 [Interface Management] Patch PPPd (CVE-2020-8597).
  • NC-51776 [IPS Engine] Edit IPS custom rule protocol doesn't work after creation.
  • NC-51558 [IPsec] Add warning message before deleting xfrm IPsec tunnel.
  • NC-55309 [Logging] Local ACL rule not created through log viewer for IPv4 and IPv6.
  • NC-50413 [Logging Framework] Gateway up event log for PPPoE interface not always shown in the log viewer.
  • NC-55346 [Logging Framework] Clear All for 'Content filtering' does not clear SSL/TLS filter option.
  • NC-56831 [Policy Routing] SIP traffic doesn't work at times with SD-WAN policy route.
  • NC-46009 [SecurityHeartbeat] Spontaneous reconnect of many endpoints.
  • NC-51562 [SecurityHeartbeat] Heartbeat service not started after HA failover.
  • NC-52225 [Synchronized App Control] SAC page loading issues as the list of apps increases.
  • NC-54078 [UI Framework] Internet Explorer UI issue on certain rules and policies pages.
  • NC-56821 [Up2Date Client] SSL VPN downloading with 0 KB.
  • NC-54007 [Web] File type block messages sometimes contain mimetype rather than file type.
  • NC-60108 [API Framework] Pre-auth SQLi in API interface OPCODE.
  • NC-59156 [CSC] Traffic not passing after upgrade to SF 18.0 MR1.
  • NC-59300 [Email] Blind pre-auth SQLi in spxd on port 8094.
  • NC-23160 [Firewall] LAN test failed in Port3 in SFLoader for 125/135 desktop model.
  • NC-59586 [Network Utils] Remove MD5 remnant.
  • NC-46109 [RED] No proper forwarding if bridging 3 or more RED site-to-site tunnels on XG Firewall.
  • NC-50796 [RED] All RED site-to-site tunnels restart when configuring one RED interface.
  • NC-60162 [Reporting] Error 500 displayed for web admin console and user portal after HF4.1 applied on virtual XG Firewall.
  • NC-60171 [Security, UI Framework] Admin to super admin privilege escalation.
  • NC-59427 [SFM-SCFM] SQLi in user portal.
  • NC-59932 [UI Framework] Unable to sign in to the user portal or web admin console using IE after HF4.1.
Issues resolved in build 379:
  • NC-59408 [API Framework, UI Framework] SQLi prevention in hybrid request - ORM fields and mode parameters (CVE-2020-12271).
  • NC-58898 [Email] Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503).
  • NC-59300 [Email] Blind pre-auth SQLi in spxd on port 8094.
  • NC-59454 [UI Framework] Enable apache access logs.

Issues resolved in build 354:

  • NC-57910 [Base System (deprecated)] Unable to upgrade from 17.5 MR9 to 18.0 GA.
  • NC-56732 [Firewall] Kernel panic after update to 18.0 GA due to SSLVPN.
  • NC-57067 [IPsec] Sophos Connect lease doesn't support more than 255 IP addresses in the address range.

Issues resolved in build 339:

  • NC-54339 [Config Migration Framework] 17.5 MR10 to 18.0 GA migration support
  • NC-56550 [Policy Routing] SD-WAN policy routing screen smudge with blue strip
  • NC-56201 [RED] Backup/Restore failure from 17.5 MR9 to 18.0 with specific RED configuration
  • NC-56397 [Web] Certificate error received by the user

Issues resolved in build 321:

Sophos Xg 18 Mr1 Download

  • NC-33664 [App Signature] Unable to block Psiphon
  • NC-42675 [Authentication] access_server returns 'Login Failed' if two awarrenhttp threads call in at same time
  • NC-44686 [Authentication] Import/export of AUTHCTA has missing and incorrect values
  • NC-48116 [Authentication] Importing users via csv file with special character in password fails
  • NC-50521 [Authentication] User group assignment issue with LDAP users
  • NC-54642 [Authentication] Authentication not working due to high CPU utilization of access_server
  • NC-50136 [Backup-Restore] ISP failover for 2 PPPoE connections is not working for local LAN systems
  • NC-51979 [Backup-Restore] Can't reflect time zone from restoring backup file after factory resetting
  • NC-32336 [Base System] gpg vulnerability (CVE-2018-12020)
  • NC-42490 [Base System] Validation function for legacy objects does not get called
  • NC-55640 [Bridge] Firewall rule id not matching if traffic is going into wifi interface
  • NC-45935 [Certificates] Fingerprint not updated on Default CA regenerate event
  • NC-49023 [Certificates] Webproxy signing with non default certificate when using HTTPS Scanning
  • NC-54562 [Certificates] CAs are missing after update from v18 EAP2 to EAP3
  • NC-29869 [Clientless Access(HTTP/HTTPS)] 'Internal Server Error' after adding many VPN bookmarks
  • NC-48516 [Config Migration Framework] Configuration migration log on console is wrong in case of failed migration
  • NC-55270 [Config Migration Framework] Report migration failed
  • NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly 'No. of records Zero.'
  • NC-52857 [CSC] One time scheduler doesn't work as expected in case of DST
  • NC-51717 [DDNS, Email] DDNS uses wrong IP when interface is configured with PPPoE + Alias
  • NC-38763 [DHCP] IP not leased to DHCP only interface when update from stateless
  • NC-38795 [DHCP] IPv6 not removed from DB while disable DHCPv6 manage flags from RA server
  • NC-38930 [DHCP] Editing DHCPv6 interface with auto configuration does not get IP from DHCPv6 server
  • NC-39157 [DHCP] DHCPv6 client option 'Accept other configuration from DHCP' is not working
  • NC-50214 [DHCP] DHCP server dead with specific configuration
  • NC-51957 [Documentation] Showing fastpath load failed with command 'console> system firewall-acceleration show'
  • NC-48712 [Email] Antivirus service in stopped state, cannot recover it
  • NC-51340 [Email] Mailscanner child process causing OOM events when editing blocked senders list
  • NC-51347 [Email] Error message 'undefined' received when trying to add host
  • NC-51883 [Email] API error 599 when performing GetRequest for various email modules
  • NC-52212 [Email] Reject/Drop action not work correctly for oversized mails
  • NC-53016 [Email] Email Blocked Senders cannot be updated
  • NC-55138 [Email] SAVI AV update failed
  • NC-22659 [Firewall] IPtable chains not created for firewall rule whose name contains blackslash '
  • NC-30482 [Firewall] DNAT rules stop working after every reboot when migrating from UTM to SFOS
  • NC-36616 [Firewall] Firewall group not available in APIhelpdoc
  • NC-37775 [Firewall] Configuring over 20 time schedulers on the various firewall rules is causing CSC freeze
  • NC-43017 [Firewall] Full config export does not include Security Policy group
  • NC-43415 [Firewall] In the firewall rule, types of services are not translated
  • NC-48803 [Firewall] Virtual Host update is calling on every FQDN IP update even its not used in virtual host configuration
  • NC-49101 [Firewall] Group description delete issue in firewall
  • NC-49678 [Firewall] Default ICMP service not matching in policy test tool
  • NC-50222 [Firewall] Firewall rule position display is incorrect on rule deletion
  • NC-50549 [Firewall] Drop packet does not show all the information for firewall rule ID 0 drop compare to v17.5
  • NC-50712 [Firewall] NAT rules UI error
  • NC-50949 [Firewall] Wrong ARP behavior in relation to DNAT rules
  • NC-51867 [Firewall] Denied firewall logs send to garner for allowed firewall rule even if logging is disabled
  • NC-51964 [Firewall] DNAT rule stopped working after every reboot
  • NC-52395 [Firewall] Getting wrong username in admin event for firewall rule group name update
  • NC-52429 [Firewall] Web access lost for 10+ minutes after HA fail-over
  • NC-52638 [Firewall] WAF is not able to connect to webserver via IPsec tunnel
  • NC-52662 [Firewall] Continuous receiving 'fw_fp_invalidate_microflows:459: Queueing invalidate work ffff8801ed1bb5c0' error in syslog
  • NC-52853 [Firewall] Observed feedback channel plugin of garner core dump on XG330
  • NC-52873 [Firewall] Kernel warning message 'RIP: 0010:tcp_send_loss_probe+0x13f/0x1c0' observed in syslog
  • NC-53364 [Firewall] Firewall rules are not getting created correctly using XML API
  • NC-53988 [Firewall] Kernel panic on XG450 appliance
  • NC-54038 [Firewall] Wrong notification message displayed after disabling firewall rule
  • NC-55261 [Firewall] Appliance crashing with Kernel Panic
  • NC-55789 [Firewall] Ipuser ipset dumps when user is authenticated via STAS
  • NC-47482 [Firmware Management] Firmware mismatch issue - both firmware slots showing same firmware
  • NC-52441 [Firmware Management] Some time firmware 'install' opcode getting timeout and installation failed
  • NC-38800 [HA] Incorrect error message when configure HA A-A with DHCP interface
  • NC-39015 [HA] Unable to configure peer administration port for HA A-P when one of IP family of the interface is Dynamic IP assignment
  • NC-30485 [Import-Export Framework] Export full configuration some time fails with error - 'The request could not be completed'
  • NC-39229 [Interface Management] XG unsynced with SFM when unbind any interface from SFM
  • NC-46514 [Interface Management] Cyberoam backup restore fails when DHCPv6 interface configured
  • NC-48450 [Interface Management] Table for interface widget is not visible in control center page
  • NC-49938 [Interface Management] Some time traffic drop in bridge mode
  • NC-48956 [IPS Engine] Modify IPS TCP Anomaly Detection setting to disabled in default setting
  • NC-53875 [IPS Engine] IPS keeps getting started because of page allocation failure
  • NC-51568 [IPS-DAQ] Coredump in snort
  • NC-52085 [IPS-DAQ] Wget not working for IPv6 sites in bridge mode - SSL decrypt not working
  • NC-53363 [IPS-DAQ] Internet traffic hang and all traffic dropped
  • NC-52641 [IPS-DAQ-NSE] IPS Service DEAD
  • NC-54310 [IPS-DAQ-NSE] CC terminals not establish a connection with server
  • NC-29370 [IPsec] Tunnel is getting established even though PFS is disabled on the VPN client side and enabled in SFOS IPsec profile
  • NC-49919 [IPsec] Dgd service stopped and unable to start
  • NC-33848 [LAG] LAG advanced options not working when LAG is member of Bridge
  • NC-40683 [LAG] LAG active mode import-export is not working
  • NC-52090 [Logging] LogViewer: 'Action is not Allowed' filtering not working in detailed view
  • NC-52762 [Logging] LogViewer: system mentioned in upper case
  • NC-46114 [Logging Framework] Improper input validation and email notification after failed login (Webadmin, SSH, ...)
  • NC-50127 [Logging Framework] Garner coredump in HA setup at handle_sync_input
  • NC-51942 [Logging Framework] Policy Test Tool not working if firewall rule created with destination network as country or country group
  • NC-37839 [nSXLd] Proxy authentication is not cleared after config reload
  • NC-37841 [nSXLd] Keywords are not deleted when custom web category is deleted
  • NC-54525 [RED] S2S RED tunnel doesn't established on SFOS after EAP2 to EAP3 upgrade
  • NC-28022 [Reporting] Incomplete field names on data anonymization page
  • NC-42864 [Reporting] Reports downloaded in PDF format have logo too close to the first line in most pages
  • NC-43183 [Reporting] When data anonymization is enabled, scheduled reports are showing 'Not available' instead of anonymized string
  • NC-45154 [Reporting] Cannot specify hour and minute properly in Detailed Custom Reports
  • NC-45236 [Reporting] Reports sent 1 hour later than scheduled
  • NC-46178 [Reporting] 'Web Risks & Usage Visibility' not showing any data
  • NC-49273 [Reporting] Filtering on blocked user activities not working as expected
  • NC-52120 [Reporting] Daily Reports are received but it delayed by different time
  • NC-52125 [Reporting] UTQ user data is empty in SAR report but populated in GUI dashboard report
  • NC-53072 [Reporting] Events reports (Admin, Authentication and System) are not generating due to db query for insert query getting failed
  • NC-53369 [Reporting] Application Categories shown as 'Unclassified'
  • NC-54177 [Reporting] UTQ not generating due to change in web categories names
  • NC-48718 [Service Object] Unable to edit service object that is assigned to a firewall rule
  • NC-47585 [SFM-SCFM] Backedup 'central reporting' config is not maintained after Restoring config
  • NC-53043 [SNMP] Wrong data is displayed in SNMP query for CPU usage
  • NC-47348 [SSLVPN] LogViewer logs are not generated for ssl vpn connection up or down events
  • NC-55228 [SSLVPN] Site2site - SSLVPN client in HA is not initiating connection after active node shut down
  • NC-54150 [Static Routing] Data insertion is failing if large number of connections are present and Live Connection page is loaded
  • NC-54314 [Static Routing] Negative value is displayed in upstream/downstream bandwidth column
  • NC-51673 [UI Framework] User portal redirect loop when using non-standard port
  • NC-55193 [VFP-Firewall] Port self test reboots appliance - V18 fastpath
  • NC-23045 [WAF] WAF - Increase default TLS version to v1.2
  • NC-51952 [WAF] WAF firewall rule update failed after migration from 17.5 MR8 to 18.0 EAP1
  • NC-55034 [WAF] Web server timeout of 0 leads to syntax error in reverseproxy.conf
  • NC-51156 [Web] Dynamic app filter rules which do not contain any applications is enforced for all applications in WIS
  • NC-53402 [Web] Appliance auto reboot due to OOM (out of memory)
  • NC-53709 [Web] Tiktok video not working with plain firewall rule with SSL/TLS enabled
  • NC-54421 [Web] SSLx Exception based on SAC does not work
  • NC-44346 [WWAN] Celullar WAN does not takeover again on failover

XG Firewall v18 got off to a tremendous start with thousands of customers upgrading on launch day to take advantage of the new Xstream Architecture and other great enhancements.

Today, the product team is pleased to announce a new release of XG Firewall v18, maintenance release 1 (MR1), that is now available for all XG Firewall devices. This latest release includes all security hotfixes, as well as over fifty performance, reliability and stability enhancements, and support for our new SD-RED devices.

Upgrading to v18 MR1 is seamless from v17.5 MR6 and above, and from any other v18 release version. XG Firewall customers will soon start seeing the new release appear in their console with a firmware upgrade notification. However, for customers that don’t want to wait, they can initiate the upgrade manually anytime. Just send your customers to the MySophos Licensing Portal via the URL below.

Find Out What’s New

Watch this brief five-minute overview of what’s new in XG Firewall v18:

Here are the top new enhancements at a glance:

  • Xstream Architecture: A new streaming DPI engine, high-performance TLS 1.3 inspection, AI-powered threat intelligence with in-depth reporting, and FastPath application acceleration
  • Sophos Central: Group firewall management and cloud reporting make management easier and provide deeper insights into network activity with flexible report-customization tools and a new license for extending your firewall data storage in the cloud
  • Synchronized SD-WAN: Brings the power of Synchronized Security to reliably and accurately route application and user-based traffic over preferred WAN links
  • Plug-and-Play High Availability (HA): Makes it easy to enable business continuity and adds peace-of-mind. Simply connect two XG Series appliances together and you’ll be up and running in no time. And Sophos Central now supports HA pairs
  • Real-time Flow Monitoring: Get at-a-glance insights into active bandwidth-consuming hosts, applications, and users – a fan favorite feature from our UTM 9 platform
  • Expanded Notifications and Alerts: You will never miss an important network security event, whether it’s related to a threat, service, or important performance metric
  • New SD-RED Model Support: With MR1, take advantage of our all-new SD-RED 20 and SD-RED 60 models that provide added performance, modular connectivity, and redundant power for the ultimate solution for remote-branch or device connectivity

Upgrading XG Firewall firmware is easy. Help remind your customers how to upgrade with this video refresher.

Mr1

Sophos Xg 18 Mr1 Release

Migrating from SG UTM

Sophos SG UTM customers interested in taking advantage of all the great new enhancements in XG Firewall can do so for free at anytime. A valid license can be transferred over at no extra charge and Sophos Professional Services is happy to help with migration if desired. Existing SG Series hardware is fully supported (except for the SG 105, which lacks the minimum required 4 GB of RAM). However, you may want to take this opportunity to consider refreshing your customer’s hardware to take full advantage of all the new capabilities such as TLS inspection. Check out this recent article for full details.

Migrating from Cyberoam

Sophos Xg Firewall 18 Mr1

Migrating from Cyberoam to XG Firewall v18 is strongly encouraged to get all the added usability, security, and performance benefits of XG Firewall. If any of your customers are using Cyberoam, we are currently offering an XG Firewall upgrade promotion.

Sophos Xg 18 Mr1

New to XG Firewall

And of course, for any new customers who are not familiar with Sophos XG Firewall, let them know why it offers the world’s best visibility, protection, and response.