Sophos hat SFOS 18 GA veröffentlicht. Ihr könnt Euch die Firmware unter MySophos herunterladen um sie dann manuell zu installieren Es ist ca 322 MB groß. Wer bereits registriert war und SFOS 18 EAP installiert hat, erhält einen Hinweis in der Benutzeroberfläche der XG und kann via Up2Date aktualisieren.
Anbei die Liste der Neuerungen:
Xstream Architecture (Xstream SSL Inspection, Xstream DPI Engine, Xstream Network Flow FastPath) SD-WAN Policy-based Routing enhancements, SD-WAN Application Routing and Synchronized SD-WAN Sandstorm Threat Intelligence Analysis and Reporting Sophos Central Firewall Reporting and Management NAT Enhancements Firewall Rules Management Improvements Route-based VPN High Availability (HA) Enhancements Email or SNMP Alerts and Notifications and SNMPv3 Radius Timeout with Two-Factor Authentication Actionable Log Viewer Bridge Interface Enhancements (ARP broadcasts, Spanning Tree Protocol (STP) traffic, and filter non-IP protocols) Advanced inter-VLAN routing and bridging (VLANs on Bridge) Flow Monitoring Improvements Interface Renaming Secure Syslog and Logs in the Standard Syslog Format VMware Tools (v10.3.10) Upgrade and Integration With VMware Site Recovery Manager (SRM) Jumbo Frame Support Enhanced DDNS Support Kerberos Authentication and NTLM Intelligent IPS Signature Selection Browsing quotas in web policies Wildcard Domain Support in WAF DKIM and BATV Anti-Spam Protection
Und die Liste der Fehlerbehebung:
NC-33664 [App Signature] Unable to block Psiphon NC-42675 [Authentication] access_server returns ‘Login Failed’ if two awarrenhttp threads call in at same time NC-44686 [Authentication] Import/export of AUTHCTA has missing and incorrect values NC-48116 [Authentication] Importing users via csv file with special character in password fails NC-50521 [Authentication] User group assignment issue with LDAP users NC-54642 [Authentication] Authentication not working due to high CPU utilization of access_server NC-50136 [Backup-Restore] ISP failover for 2 PPPoE connections is not working for local LAN systems NC-51979 [Backup-Restore] Can’t reflect time zone from restoring backup file after factory resetting NC-32336 [Base System (deprecated)] gpg vulnerability (CVE-2018-12020) NC-42490 [Base System (deprecated)] Validation function for legacy objects does not get called NC-55640 [Bridge] Firewall rule id not matching if traffic is going into wifi interface NC-45935 [Certificates] Fingerprint not updated on Default CA regenerate event NC-49023 [Certificates] Webproxy signing with non default certificate when using HTTPS Scanning NC-54562 [Certificates] CAs are missing after update from v18 EAP2 to EAP3 NC-29869 [Clientless Access(HTTP/HTTPS)] “Internal Server Error” after adding many VPN bookmarks NC-48516 [Config Migration Framework] Configuration migration log on console is wrong in case of failed migration NC-55270 [Config Migration Framework] Report migration failed NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly “No. of records Zero.” NC-52857 [CSC] One time scheduler doesn’t work as expected in case of DST NC-51717 [DDNS, Email] DDNS uses wrong IP when interface is configured with PPPoE + Alias NC-38763 [DHCP] IP not leased to DHCP only interface when update from stateless NC-38795 [DHCP] IPv6 not removed from DB while disable DHCPv6 manage flags from RA server NC-38930 [DHCP] Editing DHCPv6 interface with auto configuration does not get IP from DHCPv6 server NC-39157 [DHCP] DHCPv6 client option “Accept other configuration from DHCP” is not working NC-50214 [DHCP] DHCP server dead with specific configuration NC-51957 [Documentation] Showing fastpath load failed with command “console> system firewall-acceleration show” NC-48712 [Email] Antivirus service in stopped state, cannot recover it NC-51340 [Email] Mailscanner child process causing OOM events when editing blocked senders list NC-51347 [Email] Error message “undefined” received when trying to add host NC-51883 [Email] API error 599 when performing GetRequest for various email modules NC-52212 [Email] Reject/Drop action not work correctly for oversized mails NC-53016 [Email] Email Blocked Senders cannot be updated NC-55138 [Email] SAVI AV update failed NC-22659 [Firewall] IPtable chains not created for firewall rule whose name contains blackslash ‘\\\\\’ NC-30482 [Firewall] DNAT rules stop working after every reboot when migrating from UTM to SFOS NC-36616 [Firewall] Firewall group not available in APIhelpdoc NC-37775 [Firewall] Configuring over 20 time schedulers on the various firewall rules is causing CSC freeze NC-43017 [Firewall] Full config export does not include Security Policy group NC-43415 [Firewall] In the firewall rule, types of services are not translated NC-48803 [Firewall] Virtual Host update is calling on every FQDN IP update even its not used in virtual host configuration NC-49101 [Firewall] Group description delete issue in firewall NC-49678 [Firewall] Default ICMP service not matching in policy test tool NC-50222 [Firewall] Firewall rule position display is incorrect on rule deletion NC-50549 [Firewall] Drop packet does not show all the information for firewall rule ID 0 drop compare to v17.5 NC-50712 [Firewall] NAT rules UI error NC-50949 [Firewall] Wrong ARP behavior in relation to DNAT rules NC-51867 [Firewall] Denied firewall logs send to garner for allowed firewall rule even if logging is disabled NC-51964 [Firewall] DNAT rule stopped working after every reboot NC-52395 [Firewall] Getting wrong username in admin event for firewall rule group name update NC-52429 [Firewall] Web access lost for 10+ minutes after HA fail-over NC-52638 [Firewall] WAF is not able to connect to webserver via IPsec tunnel NC-52662 [Firewall] Continuous receiving ‘fw_fp_invalidate_microflows:459: Queueing invalidate work ffff8801ed1bb5c0’ error in syslog NC-52853 [Firewall] Observed feedback channel plugin of garner core dump on XG330 NC-52873 [Firewall] Kernel warning message ‘RIP: 0010:tcp_send_loss_probe+0x13f/0x1c0’ observed in syslog NC-53364 [Firewall] Firewall rules are not getting created correctly using XML API NC-53988 [Firewall] Kernel panic on XG450 appliance NC-54038 [Firewall] Wrong notification message displayed after disabling firewall rule NC-55261 [Firewall] Appliance crashing with Kernel Panic NC-55789 [Firewall] Ipuser ipset dumps when user is authenticated via STAS NC-47482 [Firmware Management] Firmware mismatch issue – both firmware slots showing same firmware NC-52441 [Firmware Management] Some time firmware ‘install’ opcode getting timeout and installation failed NC-38800 [HA] Incorrect error message when configure HA A-A with DHCP interface NC-39015 [HA] Unable to configure peer administration port for HA A-P when one of IP family of the interface is Dynamic IP assignment NC-30485 [Import-Export Framework] Export full configuration some time fails with error – ‘The request could not be completed’ NC-39229 [Interface Management] XG unsynced with SFM when unbind any interface from SFM NC-46514 [Interface Management] Cyberoam backup restore fails when DHCPv6 interface configured NC-48450 [Interface Management] Table for interface widget is not visible in control center page NC-49938 [Interface Management] Some time traffic drop in bridge mode NC-48956 [IPS Engine] Modify IPS TCP Anomaly Detection setting to disabled in default setting NC-53875 [IPS Engine] IPS keeps getting started because of page allocation failure NC-51568 [IPS-DAQ] Coredump in snort NC-52085 [IPS-DAQ] Wget not working for IPv6 sites in bridge mode – SSL decrypt not working NC-53363 [IPS-DAQ] Internet traffic hang and all traffic dropped NC-52641 [IPS-DAQ-NSE] IPS Service DEAD NC-54310 [IPS-DAQ-NSE] CC terminals not establish a connection with server NC-29370 [IPsec] Tunnel is getting established even though PFS is disabled on the VPN client side and enabled in SFOS IPsec profile NC-49919 [IPsec] Dgd service stopped and unable to start NC-33848 [LAG] LAG advanced options not working when LAG is member of Bridge NC-40683 [LAG] LAG active mode import-export is not working NC-52090 [Logging] LogViewer: “Action is not Allowed” filtering not working in detailed view NC-52762 [Logging] LogViewer: system mentioned in upper case NC-46114 [Logging Framework] Improper input validation and email notification after failed login (Webadmin, SSH, …) NC-50127 [Logging Framework] Garner coredump in HA setup at handle_sync_input NC-51942 [Logging Framework] Policy Test Tool not working if firewall rule created with destination network as country or country group NC-37839 [nSXLd] Proxy authentication is not cleared after config reload NC-37841 [nSXLd] Keywords are not deleted when custom web category is deleted NC-54525 [RED] S2S RED tunnel doesn’t established on SFOS after EAP2 to EAP3 upgrade NC-28022 [Reporting] Incomplete field names on data anonymization page NC-42864 [Reporting] Reports downloaded in PDF format have logo too close to the first line in most pages NC-43183 [Reporting] When data anonymization is enabled, scheduled reports are showing “Not available” instead of anonymized string NC-45154 [Reporting] Cannot specify hour and minute properly in Detailed Custom Reports NC-45236 [Reporting] Reports sent 1 hour later than scheduled NC-46178 [Reporting] “Web Risks & Usage Visibility” not showing any data NC-49273 [Reporting] Filtering on blocked user activities not working as expected NC-52120 [Reporting] Daily Reports are received but it delayed by different time NC-52125 [Reporting] UTQ user data is empty in SAR report but populated in GUI dashboard report NC-53072 [Reporting] Events reports (Admin, Authentication and System) are not generating due to db query for insert query getting failed NC-53369 [Reporting] Application Categories shown as “Unclassified” NC-54177 [Reporting] UTQ not generating due to change in web categories names NC-48718 [Service Object] Unable to edit service object that is assigned to a firewall rule NC-47585 [SFM-SCFM] Backedup ‘central reporting’ config is not maintained after Restoring config NC-53043 [SNMP] Wrong data is displayed in SNMP query for CPU usage NC-47348 [SSLVPN] LogViewer logs are not generated for ssl vpn connection up or down events NC-55228 [SSLVPN] Site2site – SSLVPN client in HA is not initiating connection after active node shut down NC-54150 [Static Routing] Data insertion is failing if large number of connections are present and Live Connection page is loaded NC-54314 [Static Routing] Negative value is displayed in upstream/downstream bandwidth column NC-51673 [UI Framework] User portal redirect loop when using non-standard port NC-55193 [VFP-Firewall] Port self test reboots appliance – V18 fastpath NC-23045 [WAF] WAF – Increase default TLS version to v1.2 NC-51952 [WAF] WAF firewall rule update failed after migration from 17.5 MR8 to 18.0 EAP1 NC-55034 [WAF] Web server timeout of 0 leads to syntax error in reverseproxy.conf NC-51156 [Web] Dynamic app filter rules which do not contain any applications is enforced for all applications in WIS NC-53402 [Web] Appliance auto reboot due to OOM (out of memory) NC-53709 [Web] Tiktok video not working with plain firewall rule with SSL/TLS enabled NC-54421 [Web] SSLx Exception based on SAC does not work NC-44346 [WWAN] Celullar WAN does not takeover again on failover
Weiter Informationen findet Ihr in in der Sophos Community. Solltet Ihr weiter Fragen haben, dann schreibt mir eine E-Mail oder hinterlasst einen Kommentar.