Sophos has released early access for v18.5 MR1, read more here
Remember after 18.5 NO AP-models accesspoints are supported, only APX-models are!!!!
Here’s a full list of what’s new in v18.5 MR1:
Support for new Central Orchestration Subscription (included in the new Xstream Protection license bundle):
- Central SD-WAN VPN Orchestration enables easy point-and-click site-to-site VPN orchestration from Sophos Central – automatically configuring the necessary tunnels and firewall access rules for your desired SD-WAN overlay network.
- Central Firewall Reporting Advanced with 30-days of data retention for full multi-firewall reporting in Sophos Central with access to all pre-packaged reports plus flexible custom report capabilities and the option to save, schedule, or export your reports.
- Sophos MTR/XDR connector to enable Sophos Firewall intelligence and data to be used as part of our Managed Threat Response 24/7 service, or as part of your self-managed cross-product extended detection and response solution.
A separate community post with the full details on Central Orchestration and how to take advantage of it will be published later today. Keep watching this space.
- Resolved FragAttack Vulnerabilities recently discovered in the Wi-Fi specification for all internal and add-on Wi-Fi modules for Sophos (XG) Firewall desktop series appliances. All other updates will follow as outlined in this advisory.
- Enhanced Backup/Restore Support improves backup/restore operations across different models by better mapping the management ports. v18.5 MR1 can also restore backups from v18 MR5 and earlier including any older v17.5 MRs.
- XGS Series Reset Button enables a long press of the hardware reset button on XGS Series appliances (XGS 116 and higher models) to perform a factory reset to help recover from a bad configuration.
- VPN Tunnel Logging adds improved logging of VPN tunnel flap events and IPsec IKEv2 rekeying
- Sophos DDNS (myfirewall.com) will be discontinued and no longer supports new registrations. This is planned from January 31, 2022. Refer to KBA-41764 for more details.
- NC-69584 [Authentication, SSLVPN] The user information displayed for remote users under Monitor & Analyze -> Current activities on Web Admin are not display proper.
- NC-73734 [Date/Time Zone] Reports showing wrong time zone due to /etc/timezone is not updated during restore
- NC-73542 [Email] DKIM signing broken in Exim 4.94
- NC-73665 [Email] Email exception list is empty for source/host if you save and re-open the exception
- NC-58370 [Firewall] User logout event clears firewall fields in conntrack of connection going through network based rules, results in packet drop
- NC-66067 [Firewall] Firewall filter for ‘unused’ rules does not work.
- NC-69495 [Firewall] XG 210 frequently rebooting [skb->sk corruption]
- NC-69558 [Firewall] XG750 22.214.171.1247 crash: tcp_v4_rcv+0xb14/0xbb0
- NC-70461 [Firewall] IPv6 Host group doesn’t match when a network type host is added in host group
- NC-71473 [Firewall] PortB4 (not existing) still shows up in custom SNAT on CLI
- NC-71922 [Firewall] Chitale: XGS6500 auto rebooted
- NC-72153 [Firewall] VLAN on bridge with fastpath enabled does not pass traffic
- NC-72494 [Firewall] When multiple packets are sent from the same origin to the same destination at the same time,the first packets always get drop
- NC-68595 [HA] Unable to establish HA with Quick Mode
- NC-72076 [HA] HA sync dir failure resulted in empty directory
- NC-69937 [Hotspot] Hotspot option device per voucher is inconsistent
- NC-72311 [Hotspot] Hotspot user logged in when the arp resolution was in incomplete state
- NC-71126 [Interface Management] XGS 116w EAP3 – IF alias UI timeout error
- NC-71333 [Policy Routing] Incoming VPN traffic doesn’t follow SDWAN policy
- NC-71151 [QoS] Unable to edit/add users when traffic shaping policy exist with name “None”
- NC-71996 [SNMP] SNMPD memory usage keeps increasing
- NC-73687 [SSLVPN] SSLVPN remote access: push_reply does not include updated permitted lan networks
- NC-71443 [WAF] WAF license warning even if WAF is subscribed