Sophos XG Firewall v18 EAP 2 Firmware Has Been Released!

Billedresultat for sophos xg xstream"

Sophos has released EAP2 today for XG SFOS v18, it gives a lot of fixes and new features, looking so much forward to EAP3 🙂

Important Issues Resolved in SF v18 EAP 2

  • NC-50214 [DHCP] DHCP server dead with specific configuration
  • NC-48712 [Email] Antivirus service in stopped state, cannot recover it
  • NC-51717 [DDNS, Email] DDNS uses wrong IP when interface is configured with PPPoE + Alias
  • NC-37775 [Firewall] Configuring over 20 time schedulers on the various firewall rules is causing CSC freeze
  • NC-50712 [Firewall] NAT Rules UI error
  • NC-47482 [Firmware Management] Firmware mismatch issue – both firmware slots showing same firmware
  • NC-52441 [Firmware Management] Some time firmware ‘install’ opcode getting timeout and installation failed
  • NC-51568 [IPS-DAQ] Coredump in snort
  • NC-52085 [IPS-DAQ] Wget not working for IPv6 sites in bridge mode – SSL decrypt not working
  • NC-49919 [IPsec] Dgd service stopped and unable to start
  • NC-48106 [Logging Framework] XG85 – /tmp partition fills up
  • NC-51956 [Web] Slow browsing with DPI Mode – System with 4gb RAM
  • NC-52710 Gateway status was showing down after upgrading to EAP1 Refresh
  • NC-52642 “Last 24 hours Memory” Usage Report Bubble show wrong figure
  • NC-52684 /tmp full : Appliance storing backup frequently at /tmp/backup
  • Plus 200+ issues and stability fixes are part of EAP 2

New Features and Highlights in SF v18 EAP 2

  • User based uplink selection in the SDWAN policy routes
  • Sandstorm threat intelligence detailed report is now available
  • VLAN members in bridge
  • Improved Firewall and NAT rule management
    • Advanced filter now has exclusion, proxy, HTTP scanning options
    • Firewall exclusion config is now seen on the manage page
    • Move firewall rule to <nth> position (across the pages)
    • Retain filter on firewall page (session wise)
    • Add / Detach multiple rule to a Group
    • Policy test tool error correction
    • Linked NAT
      • Added Hide linked rule option on NAT manage page
      • Linked NAT rules can be filtered from NAT type filter
      • Auto-populated linked NAT details
      • Added Override SNAT config icon with the tool tip on NAT rule manage page
      • Added Health Check interval (on UI) on NAT Policy page
  • A part of HA enhancement (other improvements have been planned in EAP 3)
    • Added cluster ID to eliminate VMAC conflict limitation
    • Now supports option to use host/ hypervisor MAC to eliminate vSwitch Promiscuous mode limitation
    • Now supports pre-emption/ Failback
    • Eliminated downtime in case of upgrade using “Firmware Upgrade now and boot later” option
    • HA synchronization now happens over SSH tunnel based secure communication
  • CLI option to enable-disable policy route trigger on reply traffic and system generated traffic
  • Port agnostic protocol identification for HTTP and SMTP in Snort

Read more:

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.