Software-update: Sophos XG Firewall 17.0.5 MR5

Sophos heeft een nieuwe versie vrijgegeven van zijn XG Firewall met 17.0.5 MR5 als versienummer. Deze software wordt zowel op fysieke hardware als in een soft-appliance voor VMware, Hyper-V, Xen en KVM geleverd. Naast de betaalde varianten voor bedrijven biedt Sophos deze firewall voor thuisgebruik zonder kosten aan, zoals op deze pagina te lezen is. Voor de verschillende image- en updatebestanden kun je terecht op het MySophos-portaal. De aankondiging van deze uitgave ziet er als volgt uit:

SFOS 17.0.5 MR5 Released

Hi XG Community!

We've finished SFOS v17.0.5 MR5. This release is available from within your device for all SFOS v17.0 installations as of now. Besides that, the release is available to all SFOS version via MySophos portal.

Note: There are a few edge cases where some customers may still experience issues using multiple subnets with a single IPSec connection. The team is working on those and all the last known issues should be addressed in MR6 which is expected to follow very soon. Please follow this Sophos XG Firewall: Cannot handle more than 2 concurrent Quick Mode exchanges per IKE_SA when using IKEv1

Issues Resolved

• NC-23258 [API] System debug logs should not contain sensitive information
• NC-21429 [Authentication] Users don't show the correct properties from their group after auto-creation
• NC-21820 [Authentication] Make Access Server port (6060) use IP_PKTINFO
• NC-22770 [Authentication] User role cannot change to Administrator for AD Users
• NC-22935 [Authentication] Users are unable to login with CAA
• NC-27199 [Authentication] Access Server crashes with eDirectory
• NC-20765 [Base System] If several SNMP communities exist with same name in XG, all are deleted if you delete one
• NC-22276 [Base System] SNMP Walk delivering inconsistent information
• NC-22323 [Base System] Garner fails to log when multiple threads call gr_io simultaneously
• NC-23073 [Base System] iView v3 doesn't display any email usage data
• NC-26730 [API, Base System] Unable to change admin password through API
• NC-25793 [Clientless Access] File browser does not load if directory contains a hardlink
• NC-25852 [Clientless Access] UI dialog doesn't reset after closing and reopen
• NC-21823 [Authentication, Firewall] Live users only displaying 8192 users
• NC-22738 [Firewall, Performance] Firewall page load time increases after adding firewall groups
• NC-22878 [Firewall] Allow user to edit rule while double clicking on the rule
• NC-23254 [Firewall] In TAP mode, management interface doesn't respond when same traffic is seen on TAP and MGMT
• NC-25628 [Firewall] Appliance inaccessible after restoring backup file from 16.5 MR8 to 17 MR1
• NC-25724 [Firewall] Special character "|" allowed in firewall rule name but then does not allow moving firewall rule within the group
• NC-25965 [Firewall] Unable to delete a proxy-arp entry
• NC-25970 [Framework(UI)] Change React.js to production mode in SFOS release builds
• NC-23212 [HA] Wrong Dedicated Link value is displayed after saving HA Auxiliary configuration
• NC-23077 [Hotspot] Changing hotspot customization type from Full to Basic or Basic to full, removes default voucher template
• NC-26137 [Hotspot] Interfaces not listed correctly for hotspot configuration
• NC-22572 [IPS] "Status" value is empty for IPS logs in log viewer
• NC-26882 [IPS] User can not add IPS Policy Rules to SF with 'Smart Filter' option enabled in any IPS policy using SFM
• NC-27230 [IPS] IPS service is in dead state
• NC-23016 [IPsec] RSA connection not working without remote ID and remote gateway '*'
• NC-26152 [IPsec] IKEv2 initiator does not try forever if rekeying tries = 0
• NC-26338 [IPsec] VPN failover timeout takes too long
• NC-26339 [IPsec] Remote access with IPsec/PSK can't be established
• NC-26354 [IPsec] IPsec UP notifications are being sent even though the tunnel is UP for IKEv2
• NC-26582 [IPsec] IPSec tunnel not reinitiated after PPPoE reconnect
• NC-26634 [IPsec] Add validation message for PSK connections with remote '*'
• NC-26888 [IPsec] UI - Hostname beginning with a number for VPN remote gateway address is not accepted
• NC-26988 [IPsec] VPN connection can't be established if the PSK is very long
• NC-26998 [IPsec] Webadmin is very slow after update to SF v17 MR3
• NC-27030 [IPsec] System unresponsive after enabling non-establishing IPsec connections
• NC-27255 [IPsec] 64 characters PSK gets truncated to 57 characters
• NC-26100 [Logging] Typo in "Missing Heartbeat" in log viewer
• NC-19417 [Mail Proxy] Emails have the banner as an attachment instead of inline in the message
• NC-22816 [Mail Proxy] Unable to release quarantined emails - 'Bad Request' received
• NC-23049 [Mail Proxy] "Release" link in quarantine digest not obeying configuration settings when SF in HA (A-A)
• NC-25705 [Mail Proxy] Antivirus fails to start after downgrade from v17.0 MR2 to v16
• NC-25808 [Mail Proxy] AwarrenMTA: few mails appear on queue after delivery (DB query fails due to special character)
• NC-26061 [Mail Proxy] IP reputation check is skipped when clubbed with 'recipient verification' policy
• NC-26750 [Mail Proxy] RBL scan should be skipped if IP address is in Allowed IP address list
• NC-26773 [Mail Proxy] Incorrect values shown for disk utilization for SMTP quarantine
• NC-21877 [Networking] Remove limit for static IP-MAC mapping in DHCP
• NC-22792 [Networking] Full import export is failing due to specific invalid dhcp config
• NC-25395 [Networking] Wrong port OUT marked while using of primary and secondary gateway
• NC-23178 [nSXLd] URL categorization look up fails
• NC-23206 [nSXLd] Unable to save domain info in customized web categories
• NC-26080 [Reporting] "Internal Server Error" while accessing Web Admin
• NC-25589 [SSLVPN] Username with '@' is not displayed correctly in SSL VPN Client
• NC-22961 [Synchronized App Control] Add customized apps to the "categorized" widget in control center
• NC-25309 [Synchronized App Control] Timestamps for last occurrence should not show seconds
• NC-25950 [Synchronized App Control] Endpoint name is shown wrong after upgrade to MR-2
• NC-25953 [Synchronized App Control] Normalized path is shown instead of filename after upgrade to MR-2
• NC-22750 [UI] Control Center - text wrapped and appears on two lines in Japanese language
• NC-26242 [UI] Web Server Protection >> General Settings tab is not displayed in some languages
• NC-26340 [Up2date Client] Message "New firmware available for AP" shown on dashboard although version is already installed
• NC-21760 [WAF] Ruleid is not set in case of HTTPS host mismatch
• NC-25461 [WAF] Additional cookie from WAF is added without HttpOnly detail
• NC-25633 [WAF] Unable to edit/save WAF rule
• NC-18732 [IPS, Web] Load average is going high on CR300iNG with SFOS v16.5 & v17.0 GA
• NC-22030 [Web] Policy tester does not allow multicast addresses in the URL
• NC-22752 [Web] Range requests cannot download files larger than 2GB
• NC-22993 [Web] TeamViewer not working after upgrading to 16.5 MR7
• NC-23061 [Web] Content Filter details are not displayed with languages other than English
• NC-23082 [Web] Garner segfault occurred in feedback channel plug-in
• NC-25356 [Web] High memory utilization increasing daily on XG430
• NC-25370 [Web] Web Proxy does not work correctly when application filter is set to "Synchronized App Control"
• NC-25397 [Web] Logout option disappears from Captive Portal page
• NC-25582 [Web] Range header in requests should not be validated when AV scanning is not required
• NC-25771 [Web] Gmail: Email attachment upload failed with HTTPS scanning
• NC-26352 [Web] Outlook cert error in explicit mode on dns failures
• NC-25687 [Wireless] Built-in AP is not broadcasting unless it is configured in a separate zone
• NC-26380 [Wireless] Wrong wireless AP status displayed in Control Center