Sophos Firewall v18.5 MR2 available…

Sophos Firewall OS v18.5 MR2 (Build 380) is now available and includes a number of feature enhancements, security and performance optimizations, and bug fixes, including one for a CVE in OpenSSL (CVE-2020-15078).

You can download the firmware from the MySophos licensing portal and install it manually. The update file is just under 400 MB in size.

The following features are included in this update:

FIPS 140-2 Level 1 validation
– Federal Information Processing Standards Publications (FIPS) 140-2 validation for XGS Series hardware and virtual machines that are based on Sophos's latest cryptographic module.

IPsec VPN enhancements
– Improved performance through support for GCM and Suite B ciphers.
– Improved idle timeout support for remote access connections.
– Routing optimization using the IP address of the tunnel interface for route-based IPsec masquerading (MASQ).

New Sophos Assistant
– Interactive, guided "help" for important workflows in the product.

Credential-free registration for Sophos Central
– Simplified onboarding of new firewalls into Sophos Central.

Authentication enhancements
– Improved MFA support for the admin account, with warning messages and a streamlined setup process.
– Support for multiple group memberships in Active Directory, to show all groups a user belongs to.

Certificate enhancements
– New information about certificate authorities, easy identification of locally added certificates, and easier download of the public part of a certificate.

Additional usability and feature enhancements
– New domains added for TLS exclusion.
– Support for Cloudflare as a DDNS service provider.
– Addition of a new global IPS switch to enable or disable the IPS engine.
– Improvements to the installation wizard.
– jQuery version updated to 3.5.x.

Troubleshooting improvements
– Improved handling of log files, backend report generation, and usability improvements.

If you own an XGS model, there are the following new features:

– Xstream Flow Processor driver update – for the XGS Series models 4300, 4500, 5500 and 6500, to optimize the performance of these high-end models.
– XGS Series reimaging – completion of ISO reimaging is now indicated visually on the LCD display or on the interface LEDs.
– Hardware reset on XGS 87/107 – a long press of the hardware reset button can now trigger a factory reset.

Here is the detailed list of bug fixes:

NC-80101 Central management Garner service remained in a busy status.
NC-79943 IPS engine IPS service was down.
NC-79452 XGS BSP Slow upload speed for XGS 2100 over 1G interfaces with 100 Mbps speed.
NC-79404 Reporting Log viewer wasn't returning results from /var/eventlogs/.
NC-79386 IPS ruleset management Incorrect signature date shown on the IPS policy screen after migration.
NC-79335 IPS ruleset management Incorrect placement of icon for loading IPS signatures.
NC-79110 Firewall Couldn't restore backup from 17.5 MR16 to 18.0 MR6.
NC-79029 IPS engine IPS was restarting with core dump.
NC-78572 Firewall Constant restart of XG 750 HA pair.
NC-78512 RED Split networks weren't reachable from the RED network for one RED device.
NC-77938 IPsec Unable to deactivate the failover group.
NC-77771 VFP-Firewall Kernel panic: Unable to handle kernel paging request at ffff88036e000000.
NC-77729 IPsec IPsec tunnel not reconnecting after PPPoE reconnects.
NC-77289 Security, Web db testpass wasn't always encrypted correctly.
NC-77026 Security Heartbeat Heartbeat authenticated users get disconnected.
NC-76742 Firewall XG Series appliance goes into failsafe mode after backup is uploaded.
NC-76521 Firewall Firewall ID doesn't appear in the ID column.
NC-76400 IPsec Apple iOS IPsec VPN client configuration issue.
NC-76041 Web XGS 6500: AVD thread count anomaly.
NC-75990 IPsec IPsec tunnel not coming up until service restarts.
NC-75870 HA QuickHA page stops responding. The administrator isn't able to close it.
NC-75844 HA Traffic issues in HA active-active mode.
NC-75783 Authentication LDAP authentication with anonymous sign-in wasn't working.
NC-75543 IPsec Tunnel wasn't established because traffic was passing through an incorrect interface.
NC-75269 Backup and restore Firmware didn't upgrade from 18.0 MR4 to 18.0 MR5 in HA pair.
NC-75175 RED RED service didn't restart because of corrupt entry in tblreddevice.
NC-75159 IPsec IPsec failover wasn't working and required deactivating and then reactivating the failover group to bring the tunnel up.
NC-75030 IPsec Charon crash in adopt_children_job.c execute.
NC-74891 IPsec Email notifications received for auxiliary device in HA active-passive mode.
NC-74864 IPsec Unable to download VPN iOS profile from the user portal when authentication type is certificate for the Sophos Connect client.
NC-74791 Email Quarantine digest sends email 6 minutes earlier than the configured time.
NC-74735 HA The auxiliary device restarts during HA failover.
NC-74603 Firewall Log for denied attempt to sign in to the web admin console shows the destination port as custom port.
NC-74593 Logging framework (Central reporting) Reports for the last one hour didn't load in the report generator.
NC-74101 Email Email delivery issue due to a Brazilian character.
NC-73926 HA Unable to access websites sometimes with HA active-active load balancing.
NC-73800 WebInSnort Websites blocked when custom application control policy was applied.
NC-73703 IPsec Unable to connect to the Sophos Connect client because of incorrect preshared key in KVM HA setup.
NC-73617 Static routing Mandatory setting requirement when deleting static route through API.
NC-73089 VFP-Firewall Ports not added to LAG.
NC-73004 SSLVPN CVE-2020-15078 patch for OpenVPN 2.3.6.
NC-72955 Logging framework Logviewer stopped working when active.db was damaged.
NC-72949 IPS-DAQ Print jobs weren't working with the DPI engine.
NC-72934 IPsec Child SA disconnected when the idle setting was turned on in the Sophos Connect client.
NC-72920 IPsec xfrm packet loss on route-based IPsec VPN.
NC-72851 Application filter policy Importing application filter policy changed the rules and their list of applications when any of the rules had selected Cloud application under Characteristics.
NC-72694 Web SSL/TLS inspection didn't work for SMTP.
NC-72664 Authentication XG Series appliance wasn't initiating a request to AD server on port 6677 after the appliance was restarted.
NC-72545 Support access Duplicate support access ID was created during backup-restore.
NC-72492 Authentication Guest users who had received a password once were later unable to get the password through SMS.
NC-71595 Firewall DNAT rule wasn't working after migration from CROS to SFOS 17.5 MR15.
NC-71555 Email Getting certificate-related error when accessing the Outlook client with POP3 scanning rule configured on XG Series appliance.
NC-71216 WebInSnort Unable to access Microsoft TFS (Team Foundation Server) hosted on LAN network through SSL VPN.
NC-70909 HA Service monitor failure results in an alert since the HA auxiliary device was shut down.
NC-70877 Authentication Expired guest users received an SMS with a blank password.
NC-70863 Email Unable to delete quarantined email.
NC-70783 RED Web admin console access to the primary HA device was lost when a RED interface was saved.
NC-70733 WWAN USB Dongle Huawei E8372 wasn't reconnecting after a power cycle.
NC-70568 Firmware management Executive reports for the auxiliary device weren't received over email in time.
NC-70320 IPsec Unable to make changes when Organizational Units (OU) are present.
NC-70251 IPS engine IPS service was down after enabling HA active-passive mode.
NC-70243 Reporting Report generation stopped after January 1, 2021.
NC-70067 Central management (Join to Cloud) Central registration alert didn't disappear after registration.
NC-70057 Network Utilities Intermittent WAN connectivity issue for firewall running on Azure.
NC-70041 SSL VPN Incorrect count for remote users and connected users.
NC-70030 WebInSnort Unable to show username using the custom block Page with the DPI engine.
NC-69993 IPsec All IPsec tunnels were down, dead gateway detection stopped, and gateway was missing after 30 minutes.
NC-69945 Web Awarrenhttp was down.
NC-69456 Firewall The firewall went into failsafe mode after restoring a backup.
NC-69335 IPsec Unable to delete an IPsec connection on the second page of the connection list.
NC-69314 IPS-DAQ-NSE Connection dropped due to TLS engine error.
NC-69303 IPsec IPsec connection configured with certificate doesn't connect.
NC-69286 VFP-Firewall ICMP times out when firewall acceleration is turned on.
NC-69111 Authentication Unable to export remote users from XG Series appliance.
NC-68979 Email Korean language is broken in the body of email that's encrypted with SPX.
NC-68839 SSL VPN All users aren't able to download the Sophos Connect client from the user portal.
NC-68614 RED SD-RED UI doesn't show LTE support.
NC-68531 IPsec Showing an error when configuring remote access IPsec VPN.
NC-68461 IPsec Kernel panic issue.
NC-68324 SD-WAN routing FTP data connection issue with SD-WAN policy route.
NC-68277 RED RED site-to-site tunnel failover doesn't always work.
NC-68263 UI framework Unable to access the web admin console at times.
NC-68228 Configuration migration framework High disk utilization.
NC-68226 WebInSnort Google website not opening with DPI engine and application control.
NC-68194 Web Unable to reset web quota.
NC-68187 DDNS Unknown error while generating DynDNS IP address.
NC-68176 Email Not possible to use special characters in the password for an external email notification server.
NC-67997 Authentication csd service is in stopped status.
NC-67952 IPsec ESP sequence number mismatch.
NC-67803 Logging framework Live connection page wasn't loading.
NC-67761 CSC System start fails when a large number of users are included in a single firewall rule.
NC-67675 HA The firewall goes into failsafe mode if an interface is added in discover mode when HA is enabled.
NC-67606 Email Unable to update certificate in SMTP TLS settings using API.
NC-67340 RED All the RED 50s disconnect.
NC-66980 VFP-Firewall The firewall restarts because of kernel panic.
NC-66966 Web Unable to sign in to cPanel server with direct proxy.
NC-66194 Email High CPU utilization by mail scanner.
NC-66087 Authentication Active Directory group import failed in XG series appliance using 18.0.
NC-66068 Email DKIM signing not taking place for out-of-office, non-delivery reports, and bounced emails.
NC-65831 Email The same email is shown for a different filter in the mail log.
NC-65567 RED Split networks aren't reachable if settings are changed in transparent/split mode.
NC-65533 Email Misleading message in notification settings for external mail server.
NC-65200 Clientless access No key recognition after pressing the Windows key in clientless access.
NC-65198 Email False positive for CCL with the term "credit card" in the body.
NC-64973 CSC Split networks weren't reachable if the definition name contains special characters.
NC-63872 Email DKIM verification being applied to outbound emails and emails were getting quarantined.
NC-63177 IPS-DAQ-NSE DPI causing issue with SSL 2.0 client hello.
NC-62880 Logging framework Sentry reported coredump in crformatter_free_data.
NC-62245 Authentication OTP settings can't add groups as Organizational Units (OUs).
NC-62169 Wireless Wireless APs aren't able to lease IP addresses in separate zone.
NC-62120 Interface management Couldn't restore backup to a different appliance.
NC-61909 API framework Mapping issue for i18n configuration and actual configuration name.
NC-60855 Web Unable to restore backup from CROS 10.6.6 MR5 to 17.5 MR12.
NC-54523 Email Yahoo email account configured in email client wasn't working with IMAPS scanning.
NC-54308 Email HSTS not offered on port 8094.
NC-50232 Wireless Built-in wireless stops broadcasting for LocalWiFi.
NAF-53 Firmware Mesh APX device restarts at times, stopping internet access.
NRF-517 RED SD-RED 60 loses VLAN configuration after RED pattern update to 3.0.006.
NRF-509 Firmware AP isn't registering through the RED 15w tunnel.

Further information is available in the Sophos Community in this article: Sophos Firewall v18.5 MR2 (Build 380) is now available. Before installing the firmware, take a look at the Sophos release notes, in particular the known issues.
