Nachdem bereits am 14.12.2020 SFOS 17.5 MR15 für XG veröffentlich wurde, hat Sophos SFOS 18 MR4 im Sophos Licensing Portal zur Installation bereit gestellt. Die Firmware ist knapp 834 MB groß und beinhaltet jede Menge neue Features und Bugfixes. Sophos drängt fast schon dazu, zügig mit der Updateprozedur zu beginnen.
SFOS 18 MR4 bringt Verbesserung und Erweiterungen bei den Punkten Hochverfügbarkeit, VPN, Security und Sophos Central. Die genauen Details hierzu findet ihr in diesem Artikel: XG Firewall v18 MR4 is Now Available. Daduch, dass die Passwortkomplexität für alle Kennwörter aktiviert wird, werdet Ihr mitunter beim Upgrade dazu aufgefordert, Euer Passwort zu ändern.
Anbei noch die detailierte Liste der Bugfixes:
NC-59149 [API Framework] CSC hangs as all 16 workers remains busy NC-50703 [Authentication] Access server restarted with coredump using STAS and Chrome SSO NC-54576 [Authentication] Sophos Connect connections exhausting virtual IP pool NC-57273 [Authentication] Create users for RADIUS in UPN format NC-59129 [Authentication] Authentication Failed due to SSL VPN (MAC BINDING) - Logging does not carry any information for the cause. NC-61017 [AWS] AWS: TX-DRP increases constantly and affecting production traffic NC-59574 [Base System (deprecated)] Sometimes hotfix timer is deleted NC-58587 [Clientless Access] Clientless access service crashes NC-59411 [DNS] Unable to add "underscore" character in DNS host entry NC-54604 [Email] POPs/IMAPs (warren) dropping connection due to ssl cache error NC-59897 [Email] Specific inbound mail apparently not being scanned for malware NC-60858 [Email] PDF attachment in inbound email got stripped by XG firewall Email Protection NC-63870 [Email] XG creates infinite connection to self on Port 25 NC-59406 [Firewall] Kernel crashed due to conntrack loop NC-59809 [Firewall] Loopback rule not hit when created using Server access assistance (DNAT) wizard and WAN interface configured with network rather then host NC-59929 [Firewall] Firewall Rules not visible on GUI, Page stuck on Loading NC-60078 [Firewall] WAF: Certificate can't be edit via API/XML import NC-61226 [Firewall] Different destination IP is shown in log viewer for Allow and Drop firewall rule when DNAT is enabled NC-61250 [Firewall] Memory leak (snort) on XG 430 rev. 2 running SFOS v18 NC-61282 [Firewall, HA] Failed to enable HA when a New XG is replaced in place of another XG. NC-62001 [Firewall] Kernel Panic on XG550 NC-62196 [Firewall] Policy Test for Firewall, SSL/TLS and Web with DAY does not match with Schedule rule NC-63429 [Firewall] Kernel stack is corrupted in bitmap hostset netlink dump NC-65492 [Firewall] User is not able to generate access code for policy override NC-59747 [Firmware Management] Upgrade to the v18 SR4 failed on Azure NC-58618 [FQDN] [coredump] fqdnd in Version 18.0.2 NC-62868 [HA] HA - Certificate Sync fails in Aux NC-64269 [HA] IPv6 MAC based rule not working when traffic is load balanced to Auxiliary NC-64907 [HA] The auxiliary appliance crashes when broadcast packet is generated from it NC-65158 [Hotspot] Voucher Export Shows Encrypted PSKs With SSMK NC-57661 [IPS-DAQ-NSE] [NEMSPR-98] Browser 'insecure connection' message when NSE is on but not decrypting NC-58391 [IPS-DAQ-NSE] TLS inspection causing trouble with incoming traffic NC-61498 [IPS-DAQ-NSE] Symantec endpoint updates URL is getting failed when DPI interfere NC-63242 [IPS-DAQ-NSE] SSL/TLS inspection causing outbound problems with Veeam backups NC-59774 [IPsec] Charon shows dead Status NC-59775 [IPsec] Follow-up: Sporadic connection interruption to local XG after IPsec rekeying NC-60361 [IPsec] Intermittently incorrect IKE_SA proposal combination is being sent by XG during IKE_SA rekeying NC-61092 [IPsec] Strongswan not creating default route in table 220 NC-62749 [IPsec] Responder not accepting SPI values after its ISP disconnects NC-61101 [L2TP] Symlink not created for L2TP remote access NC-62729 [L2TP] L2TP connection on alias interface not working since update to v18 NC-59563 [Licensing] Apostrophe in email address : Unable to load the "Administration" page from System > Administration NC-63117 [Logging Framework] Garner is core-dumping frequently NC-61535 [Network Utils] Diagnostics / Tools / Ping utility not working with PPPoE interface NC-62654 [nSXLd] NSXLD Coredump caused device hang NC-59724 [RED] Back-up from v17.5 MR10 Fails to Restore on v18 NC-60081 [RED] Unable to specify Username and Password when using GSM 3G/UMTS failover NC-60158 [RED] FQDN host Group appearing in RED configuration - Standard /split network NC-60854 [RED] Red S2S tunnel static routes disappear on firmware update NC-63803 [RED] FailSafe Mode After Backup Restore - Reason Unable To Start RED Service NC-55003 [Reporting] Keyword search engine report not working NC-59106 [Reporting] Security Audit Report missing information in "Number of Attacks by Severity Level" section NC-60430 [Reporting] XG firewall send duplicate copies of schedule executive report NC-60851 [Reporting] Scheduled reports won't be sent NC-62804 [SecurityHeartbeat] Registration to central security heartbeat does not work via upstream proxy NC-62182 [SFM-SCFM] Admin can not able to change password of SF 18.0 device from SFM/CFM device level NC-61313 [SNMP] Memory Utilization mismatch between UI and atop/SNMP. NC-64454 [SNMP] XG86 - /tmp partition becomes 100% full because of snmpd logs NC-53896 [SSLVPN] Enforce TLS 1.2 on SSL VPN connections NC-60302 [SSLVPN] All the SSL VPN Live connected users get disconnected when admin change the group of one SSL VPN connected user NC-60184 [UI Framework] Missing HTTP Security Headers for HSTS and CSP NC-61206 [Up2Date Client] XG Fails To Fetch hotfixes/patterns : File /conf/certificate/u2dclient.pem Missing NC-62689 [VFP-Firewall] When fastpath (firewall-acceleration) is enabled ,traceroute will show time-out on the XG hop NC-63783 [VFP-Firewall] Unable to start the IPS NC-64470 [VFP-Firewall] Auto reboot/nmi_cpu_backtrace due to VFP.Disabling firewall acceleration did fix the issue NC-63058 [VirtualAppliance] Incorrect Virtual XG Firewall Model Name Showing in GUI and CLI NC-47994 [Web] Pattern updates for SAVI and AVIRA are failing NC-54173 [Web] URL Group - add URL control fails on leading/trailing whitespace NC-51888 [WebInSnort] IPP/AirPrint not accessible after upgrade software appliance firmware to 18.0 EAP1 NC-54978 [WebInSnort] When a HTTPS connection is not decrypted, the reports will show a hit to the site but no bytes sent/received NC-62448 [WebInSnort] Core dump on Snort NC-63515 [WebInSnort] NSE: Unsupported EC type with App control and web policy NC-64875 [WebInSnort] HTTP Pipelining errors in DPI mode with non-pipelined traffic
Das Upgrade auf XG Firewall v18 MR4 wird von XG Firewall v17.5 MR6 und aufwärts vollständig unterstützt. Weitere Infos entnehmt Ihr bitte aus der Upgrade Matrix. Bei weiteren Fragen könnt Ihr einen Kommentar hinterlassen oder Ihr schreibt mir eine E-Mail.