Sophos XG SFOS v18 MR-1-Build396 verfügbar…

Sophos hat die neue Firmware der XG-Firewall v18 MR1 (Build 396) veröffentlicht. Mit dem Update gibt es einige Verbesserungen und neue Funktionen. Unter anderem werden jetzt die neuen RED 20 und RED 60 unterstützt. Ein Upgrade von SFOS 17.5 MR11 sowie MR 12 auf den neuen Build ist möglich.

Mit der neuen Firmware zeigt die Webkonsole detaillierte Fehlerursachen an, wenn Firmwareuploads fehlschlagen. Außerdem lassen sich nun unter Qurantäne gestellte E-Mails im Userportal freigeben 🙂 . Zuvor veröffentlichte Hotfixes sind übrigens in dieser Version enthalten!

Anbei die Liste der Neuerungen in diesem Build und aus dem Build 367:

NC-60108 [API Framework] Preauth SQLi in apiInterface OPCODE
NC-59156 [CSC] Traffic not passing after upgrade to SF 18.0 MR1
NC-59300 [Email] Blind pre-auth SQLi in spxd on port 8094
NC-23160 [Firewall] LAN test failed in Port3 in SFLoader for 125/135 desktop model
NC-59586 [Network Utils] Remove MD5 remnant
NC-46109 [RED] No proper forwarding if bridging 3 or more RED s2s tunnels on an XG
NC-50796 [RED] All RED site to site tunnel restart when configuring one RED interface
NC-60162 [Reporting] Error 500 displayed for WebAdmin and UserPortal after HF4.1 applied on virtual XG
NC-60171 [Security, UI Framework] Admin to Superadmin privilege escalation
NC-59427 [SFM-SCFM] SQLi in User Portal
NC-59932 [UI Framework] Unable to login to user portal or admin using IE after HF4.1

Aus Build 367
NC-30903 [Authentication] STAS configuration is editable via GUI on AUX machine
NC-50703 [Authentication] Access server restarted with coredump using STAS and Chrome SSO
NC-50716 [Authentication] Cannot import LDAP server via XMLAPI if client cert is "None"
NC-54689 [Authentication] Support download certificate for iOS 13 and above
NC-55277 [Authentication] Service "Chromebook SSO" is missing on Zone page
NC-51660 [Backup-Restore] Restore failed using a backup of XG135 on SG230 appliance
NC-55015 [Bridge] Wifi zone is not displayed while creating bridge
NC-55356 [Bridge] TCP connection fails for VLAN on bridge with HA Active-Active when source_client IP address is odd
NC-52616 [Certificates] Add support for uploading of CRLs in DER format
NC-55739 [Certificates] EC certificate shows up as "RSA" in SSLx CA cert dropdowns
NC-55305 [CM (Zero Touch)] System don't restart on changing time zone while configured through ZeroTouch
NC-55617 [CM (Zero Touch)] Getting wrong error message in log viewer after ZeroTouch process
NC-55909 [Core Utils] Unable to see application object page on SFM
NC-30452 [CSC] Dynamic interface addresses not showing on Aux after failover
NC-55386 [Dynamic Routing (PIM)] PIM-SM import fails with LAG as dependent entity
NC-55625 [Dynamic Routing (PIM)] In HA with multicast interface, routes are not getting updated in the Aux routing table
NC-55461 [Email] After adding/edit FQDN host with smarthost, it is not displayed on the list until refresh the page
NC-58898 [Email] Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503)
NC-55635 [Firewall] Display filter for forwarded is not working properly on packet capture page
NC-55657 [Firewall] HA backup restore fails when port name is different in backup and appliance
NC-55884 [Firewall] IPS policy id and appfilter id not displaying in firewall allow log in logviewer
NC-55943 [Firewall] Failed to resume existing connection after removal of heartbeat from firewall configuration
NC-57084 [Firewall] Custom DMZ not listed in dedicated link HA configuration
NC-44938 [Firmware Management, UX] Web UI does not surface reasons for firmware upload failure
NC-55756 [Gateway Management] Gateway isn't deleted from SFM UI after deleting it from SFM
NC-55552 [HA] WWAN interface showing in HA monitoring ports
NC-55281 [Import-Export Framework] Full configuration import fails when using third party certificate for webadmin setting
NC-55171 [Interface Management] VLAN Interface IP is not assigned via DHCP when gateway name uses some special characters
NC-55442 [Interface Management] DNS name lookup showing incorrect message
NC-55462 [Interface Management] Import fails on configuring Alias over VLAN
NC-55659 [Interface Management] Invalid gateway IP and network IP configured using API for IPv6
NC-56733 [Interface Management] Patch PPPd (CVE-2020-8597)
NC-51776 [IPS Engine] Edit IPS custom rule protocol doesn't work after creation
NC-51558 [IPsec] Add warning message before deleting xfrm ipsec tunnel
NC-55309 [Logging] Local acl rule not created through log viewer for IPv4 and IPv6
NC-50413 [Logging Framework] Gateway up event log for PPPoE interface not always shown in logviewer
NC-55346 [Logging Framework] Clear All for "Content filtering" does not clear SSL/TLS filter option
NC-56831 [Policy Routing] SIP traffic sometimes not working with SDWAN policy route
NC-46009 [SecurityHeartbeat] Spontaneous reconnects of many endpoints
NC-51562 [SecurityHeartbeat] Heartbeat service not started after HA failover
NC-52225 [Synchronized App Control] SAC page loading issues as the list of apps increases
NC-54078 [UI Framework] Internet Explorer UI issue on certain rules and policies pages
NC-56821 [Up2Date Client] SSL VPN downloading with the 0KB
NC-54007 [Web] File type block messages sometimes contain mimetype rather than file type

Weitere Informationen erhaltet Ihr wie immer in der Sophos Community. Solltet Ihr weitere Fragen haben, dann hinterlasst einen Kommentar oder schreibt mir eine E-Mail.

Dieser Beitrag hat 2 Kommentare

  1. Jörg Seidel

    Guten Morgen,
    ich habe zum Upgrade SFOS 18.0.1 MR-1-Build396 eine Frage. Nach dem Upgrade konnten all unsere Handys keine Mail mehr
    größer 1 MB versenden. Kann ich das in der Sophos anpassen oder wie wird empfohlen vorzugehen?

    1. Hi, von dem Fehler höre ich zum ersten Mal. Ich kann dazu auch nichts in der Community finden. Wenn möglich, erstelle einen thread im Sophos XG Forum.

Schreibe einen Kommentar