Sophos Firewall v18.5 MR1 verfügbar…

Sophos hat SFOS v18.5 MR1 veröffentlicht. Die Firmware ist für XGS, XG, Virtual- und Software Appliances sowie alle unterstützten Cloud-Plattformen verfügbar. Sie bietet Unterstützung für die neuen Sophos Central Orchestration-Features und eine Reihe wichtiger Sicherheitskorrekturen/Verbesserungen.

Hier die meiner Meinung nach wichtigsten Neuerungen/Verbesserungen:

  • Central SD-WAN VPN Orchestration ermöglicht eine einfache Point-and-Click Site-to-Site VPN-Organisation von Sophos Central aus.
  • Central Firewall Reporting Advanced mit 30-tägiger Datenaufbewahrung für vollständiges Multi-Firewall-Reporting in Sophos Central.
  • Sophos MTR/XDR-Connector zur Nutzung von Sophos Firewall-AI als Teil des Managed Threat Response 24/7-Service.
  • Behebung der kürzlich entdeckten FragAttack-Schwachstellen in der Wi-Fi-Spezifikation.
  • Verbesserter Backup/Restore-Support.
  • VPN-Tunnel-Logging fügt verbesserte Protokollierung von VPN-Tunnel-Flapping-Events und IPsec IKEv2-Rekeying hinzu.

 

 

Anbei auch noch die gesamte Liste der behobenen Fehler:

NC-69584 [Authentication, SSLVPN] The user information displayed for remote users under Monitor & Analyze -> Current activities on Web Admin are not display proper. 
NC-73734 [Date/Time Zone] Reports showing wrong time zone due to /etc/timezone is not updated during restore
NC-73542 [Email] DKIM signing broken in Exim 4.94
NC-73665 [Email] Email exception list is empty for source/host if you save and re-open the exception
NC-58370 [Firewall] User logout event clears firewall fields in conntrack of connection going through network based rules, results in packet drop
NC-66067 [Firewall] Firewall filter for 'unused' rules does not work.
NC-69495 [Firewall] XG 210 frequently rebooting [skb->sk corruption]
NC-69558 [Firewall] XG750 18.0.3.457 crash: tcp_v4_rcv+0xb14/0xbb0
NC-70461 [Firewall] IPv6 Host group doesn't match when a network type host is added in host group
NC-71473 [Firewall] PortB4 (not existing) still shows up in custom SNAT on CLI
NC-71922 [Firewall] XGS6500 auto rebooted
NC-72153 [Firewall] VLAN on bridge with fastpath enabled does not pass traffic
NC-72494 [Firewall] When multiple packets are sent from the same origin to the same destination at the same time,the first packets always get drop
NC-68595 [HA] Unable to establish HA with Quick Mode
NC-72076 [HA] HA sync dir failure resulted in empty directory
NC-69937 [Hotspot] Hotspot option device per voucher is inconsistent
NC-72311 [Hotspot] Hotspot user logged in when the arp resolution was in incomplete state
NC-71126 [Interface Management] XGS 116w EAP3 - IF alias UI timeout error
NC-71333 [Policy Routing] Incoming VPN traffic doesn't follow SDWAN policy
NC-71151 [QoS] Unable to edit/add users when traffic shaping policy exist with name "None"
NC-71996 [SNMP] SNMPD memory usage keeps increasing
NC-73687 [SSLVPN] SSLVPN remote access: push_reply does not include updated permitted lan networks
NC-71443 [WAF] WAF license warning even if WAF is subscribed
NC-72625 [Email] Fixes multiple vulnerabilities (AKA 21Nails) in Exim with upgraded version v4.94.2
NC-73665 [Email] Email exception list is empty for source/host if you save and re-open the exception
NC-72494 [Firewall] When multiple packets are sent from the same origin to the same destination at the same time,the first packets always get drop
NC-71033 [Firmware Management] VM - Some time Mandatory firmware applied successfully but device did not reboot after it
NC-72076 [HA] HA sync dir failure resulted in empty directory
NC-76446 [WAF] SSLVPN DEAD on 18.5 MR1 Build318 upgrade if WAF and SSLVPN uses the same port

Ihr könnt Euch das Update aus dem Licensing Portal herunterladen. Die Voraussetzung für die Firmware sind Sophos Firewall v18.5 GA, v18 MR3+ oder v17.5 MR14+. Weitere Informationen findet Ihr unter Sophos Firewall v18.5 MR1 is now available und in den Release Notes.

Update: Artikel wurde aktualisiert.

Schreibe einen Kommentar