Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Software-update: Sophos XG Firewall 17.0.5 MR5

Sophos heeft een nieuwe versie vrijgegeven van zijn XG Firewall met 17.0.5 MR5 als versienummer. Deze software wordt zowel op fysieke hardware als in een soft-appliance voor VMware, Hyper-V, Xen en KVM geleverd. Naast de betaalde varianten voor bedrijven biedt Sophos deze firewall voor thuisgebruik zonder kosten aan, zoals op deze pagina te lezen is. Voor de verschillende image- en updatebestanden kun je terecht op het MySophos-portaal. De aankondiging van deze uitgave ziet er als volgt uit:

SFOS 17.0.5 MR5 Released

Hi XG Community!

We've finished SFOS v17.0.5 MR5. This release is available from within your device for all SFOS v17.0 installations as of now. Besides that, the release is available to all SFOS version via MySophos portal.

Note: There are a few edge cases where some customers may still experience issues using multiple subnets with a single IPSec connection. The team is working on those and all the last known issues should be addressed in MR6 which is expected to follow very soon. Please follow this Sophos XG Firewall: Cannot handle more than 2 concurrent Quick Mode exchanges per IKE_SA when using IKEv1

Issues Resolved
  • NC-23258 [API] System debug logs should not contain sensitive information
  • NC-21429 [Authentication] Users don't show the correct properties from their group after auto-creation
  • NC-21820 [Authentication] Make Access Server port (6060) use IP_PKTINFO
  • NC-22770 [Authentication] User role cannot change to Administrator for AD Users
  • NC-22935 [Authentication] Users are unable to login with CAA
  • NC-27199 [Authentication] Access Server crashes with eDirectory
  • NC-20765 [Base System] If several SNMP communities exist with same name in XG, all are deleted if you delete one
  • NC-22276 [Base System] SNMP Walk delivering inconsistent information
  • NC-22323 [Base System] Garner fails to log when multiple threads call gr_io simultaneously
  • NC-23073 [Base System] iView v3 doesn't display any email usage data
  • NC-26730 [API, Base System] Unable to change admin password through API
  • NC-25793 [Clientless Access] File browser does not load if directory contains a hardlink
  • NC-25852 [Clientless Access] UI dialog doesn't reset after closing and reopen
  • NC-21823 [Authentication, Firewall] Live users only displaying 8192 users
  • NC-22738 [Firewall, Performance] Firewall page load time increases after adding firewall groups
  • NC-22878 [Firewall] Allow user to edit rule while double clicking on the rule
  • NC-23254 [Firewall] In TAP mode, management interface doesn't respond when same traffic is seen on TAP and MGMT
  • NC-25628 [Firewall] Appliance inaccessible after restoring backup file from 16.5 MR8 to 17 MR1
  • NC-25724 [Firewall] Special character "|" allowed in firewall rule name but then does not allow moving firewall rule within the group
  • NC-25965 [Firewall] Unable to delete a proxy-arp entry
  • NC-25970 [Framework(UI)] Change React.js to production mode in SFOS release builds
  • NC-23212 [HA] Wrong Dedicated Link value is displayed after saving HA Auxiliary configuration
  • NC-23077 [Hotspot] Changing hotspot customization type from Full to Basic or Basic to full, removes default voucher template
  • NC-26137 [Hotspot] Interfaces not listed correctly for hotspot configuration
  • NC-22572 [IPS] "Status" value is empty for IPS logs in log viewer
  • NC-26882 [IPS] User can not add IPS Policy Rules to SF with 'Smart Filter' option enabled in any IPS policy using SFM
  • NC-27230 [IPS] IPS service is in dead state
  • NC-23016 [IPsec] RSA connection not working without remote ID and remote gateway '*'
  • NC-26152 [IPsec] IKEv2 initiator does not try forever if rekeying tries = 0
  • NC-26338 [IPsec] VPN failover timeout takes too long
  • NC-26339 [IPsec] Remote access with IPsec/PSK can't be established
  • NC-26354 [IPsec] IPsec UP notifications are being sent even though the tunnel is UP for IKEv2
  • NC-26582 [IPsec] IPSec tunnel not reinitiated after PPPoE reconnect
  • NC-26634 [IPsec] Add validation message for PSK connections with remote '*'
  • NC-26888 [IPsec] UI - Hostname beginning with a number for VPN remote gateway address is not accepted
  • NC-26988 [IPsec] VPN connection can't be established if the PSK is very long
  • NC-26998 [IPsec] Webadmin is very slow after update to SF v17 MR3
  • NC-27030 [IPsec] System unresponsive after enabling non-establishing IPsec connections
  • NC-27255 [IPsec] 64 characters PSK gets truncated to 57 characters
  • NC-26100 [Logging] Typo in "Missing Heartbeat" in log viewer
  • NC-19417 [Mail Proxy] Emails have the banner as an attachment instead of inline in the message
  • NC-22816 [Mail Proxy] Unable to release quarantined emails - 'Bad Request' received
  • NC-23049 [Mail Proxy] "Release" link in quarantine digest not obeying configuration settings when SF in HA (A-A)
  • NC-25705 [Mail Proxy] Antivirus fails to start after downgrade from v17.0 MR2 to v16
  • NC-25808 [Mail Proxy] AwarrenMTA: few mails appear on queue after delivery (DB query fails due to special character)
  • NC-26061 [Mail Proxy] IP reputation check is skipped when clubbed with 'recipient verification' policy
  • NC-26750 [Mail Proxy] RBL scan should be skipped if IP address is in Allowed IP address list
  • NC-26773 [Mail Proxy] Incorrect values shown for disk utilization for SMTP quarantine
  • NC-21877 [Networking] Remove limit for static IP-MAC mapping in DHCP
  • NC-22792 [Networking] Full import export is failing due to specific invalid dhcp config
  • NC-25395 [Networking] Wrong port OUT marked while using of primary and secondary gateway
  • NC-23178 [nSXLd] URL categorization look up fails
  • NC-23206 [nSXLd] Unable to save domain info in customized web categories
  • NC-26080 [Reporting] "Internal Server Error" while accessing Web Admin
  • NC-25589 [SSLVPN] Username with '@' is not displayed correctly in SSL VPN Client
  • NC-22961 [Synchronized App Control] Add customized apps to the "categorized" widget in control center
  • NC-25309 [Synchronized App Control] Timestamps for last occurrence should not show seconds
  • NC-25950 [Synchronized App Control] Endpoint name is shown wrong after upgrade to MR-2
  • NC-25953 [Synchronized App Control] Normalized path is shown instead of filename after upgrade to MR-2
  • NC-22750 [UI] Control Center - text wrapped and appears on two lines in Japanese language
  • NC-26242 [UI] Web Server Protection >> General Settings tab is not displayed in some languages
  • NC-26340 [Up2date Client] Message "New firmware available for AP" shown on dashboard although version is already installed
  • NC-21760 [WAF] Ruleid is not set in case of HTTPS host mismatch
  • NC-25461 [WAF] Additional cookie from WAF is added without HttpOnly detail
  • NC-25633 [WAF] Unable to edit/save WAF rule
  • NC-18732 [IPS, Web] Load average is going high on CR300iNG with SFOS v16.5 & v17.0 GA
  • NC-22030 [Web] Policy tester does not allow multicast addresses in the URL
  • NC-22752 [Web] Range requests cannot download files larger than 2GB
  • NC-22993 [Web] TeamViewer not working after upgrading to 16.5 MR7
  • NC-23061 [Web] Content Filter details are not displayed with languages other than English
  • NC-23082 [Web] Garner segfault occurred in feedback channel plug-in
  • NC-25356 [Web] High memory utilization increasing daily on XG430
  • NC-25370 [Web] Web Proxy does not work correctly when application filter is set to "Synchronized App Control"
  • NC-25397 [Web] Logout option disappears from Captive Portal page
  • NC-25582 [Web] Range header in requests should not be validated when AV scanning is not required
  • NC-25771 [Web] Gmail: Email attachment upload failed with HTTPS scanning
  • NC-26352 [Web] Outlook cert error in explicit mode on dns failures
  • NC-25687 [Wireless] Built-in AP is not broadcasting unless it is configured in a separate zone
  • NC-26380 [Wireless] Wrong wireless AP status displayed in Control Center
Versienummer 17.0.5 MR5
Releasestatus Final
Website Sophos
Download https://www.sophos.com/en-us/mysophos
Licentietype Freeware/Betaald

Reacties (3)

Wijzig sortering
Wordt of gaat Sophos XG de nieuwe standaard worden ?
Gaat Sophos SG er uiteindelijk uit of blijven de 2 smaken gewoon bestaan.
Ooit overgestapt van SG naar XG ben de werking van SG verleerd moet weer zoeken van waar zat dat ook al weer.
XG is in principe de opvolger van UTM9 (Die op SG hardware draait). Maar ze bestaan voorlopig nog naast elkaar, en ontwikkeling/support van beide loopt ook gewoon door.
Daarnaast was destijds (Of is?) de XG minder feature-compleet dan UTM9. Geen idee hoe dat tegenwoordig is.

En er zou ook een migratietool komen, maar die is er nooit gekomen, dus onze firewalls zijn nog UTM9. Mijn thuis appliance wel eens naar XG geupgrade en een aantal weken getest, maar ik vind de UTM9 interface overzichtelijker/gemakkelijker dus vooralsnog draai ik weer UTM9.
Blijkbaar blijven ze naast elkaar bestaan.

https://news.sophos.com/en-us/2015/11/09/xg-firewall-faq/

Do I have to migrate from SG UTM to XG Firewall?

No. While we are confident that most Sophos SG UTM customers will want to take advantage of many of the great new features and benefits of XG Firewall over time, there is certainly no rush, and you don’t have to migrate if you don’t want to.

Op dit item kan niet meer gereageerd worden.


Apple iPhone XS Red Dead Redemption 2 LG W7 Google Pixel 3 XL OnePlus 6T (6GB ram) FIFA 19 Samsung Galaxy S10 Google Pixel 3

Tweakers vormt samen met Tweakers Elect, Hardware.Info, Autotrack, Nationale Vacaturebank en Intermediair de Persgroep Online Services B.V.
Alle rechten voorbehouden © 1998 - 2018 Hosting door True