PULLED: Sophos XG Firewall v18 MR1 is now available!

UPDATE 16/4-2020:

Sophos has pulled MR1, please do not install and roll back to previous firmware!!!

Advisory: Sophos XG Firewall – Traffic not passing after upgrading to v18 MR1


 

Sophos has released MR1 for XG v18, providing support for new red devices, here are the release notes:

XG Firewall v18 MR1 is now available!

Hi XG Community!

We’ve released XG Firewall v18 MR1.

Enhancements

  • Supports new SD-RED 20 and SD-RED 60 devices.
  • XG Firewall web console now shows granular reasons for firmware upload failure
  • Plus, more than 45 issues resolved in this release (refer Issues Resolved section below)
  • With the tremendous need for VPN connectivity in this challenging time, we have put together some important information here for you to achieve your networking needs:
    1. To configure VPN Remote Access on your Sophos XG Firewall. Check out this useful Community post!
    2. To substitute XG for RED devices via Light-Touch deployment from Sophos Central. Check out this useful Community post!

Note: Upgrade from SF 17.5 MR11 to v18.0 MR1 is now supported.

More on XG Firewall v18

Please refer XG Firewall v18 highlights for more details on all-new Xstream Architecture delivering extreme new levels of visibility, protection and performance. Also, check out our XG Firewall v18 playlist on YouTube to find out what’s new in XG Firewall v18!

Get it now!

As usual, this firmware update is no charge for all licensed XG Firewall customers. The firmware will be rolled-out automatically to all systems over the coming weeks but you can access the firmware anytime to do a manual update through Licensing Portal. You can refer this article for more information on How to upgrade the firmware.

For fresh installations, we will update this post with installer download links soon.

Things to know before upgrading

You can upgrade from SFOS 17.5 (MR6 to MR11) to 18.0 MR1. Check out the relevant sections of the XG v18 release notes for details on:

Issues Resolved

  • NC-30903 [Authentication] STAS configuration is editable via GUI on AUX machine
  • NC-50703 [Authentication] Access server restarted with coredump using STAS and Chrome SSO
  • NC-50716 [Authentication] Cannot import LDAP server via XMLAPI if client cert is “None”
  • NC-54689 [Authentication] Support download certificate for iOS 13 and above
  • NC-55277 [Authentication] Service “Chromebook SSO” is missing on Zone page
  • NC-51660 [Backup-Restore] Restore failed using a backup of XG135 on SG230 appliance
  • NC-55015 [Bridge] Wifi zone is not displayed while creating bridge
  • NC-55356 [Bridge] TCP connection fails for VLAN on bridge with HA Active-Active when source_client IP address is odd
  • NC-52616 [Certificates] Add support for uploading of CRLs in DER format
  • NC-55739 [Certificates] EC certificate shows up as “RSA” in SSLx CA cert dropdowns
  • NC-55305 [CM (Zero Touch)] System don’t restart on changing time zone while configured through ZeroTouch
  • NC-55617 [CM (Zero Touch)] Getting wrong error message in log viewer after ZeroTouch process
  • NC-55909 [Core Utils] Unable to see application object page on SFM
  • NC-30452 [CSC] Dynamic interface addresses not showing on Aux after failover
  • NC-54233 [CSC] EpollWorker coredump
  • NC-55386 [Dynamic Routing (PIM)] PIM-SM import fails with LAG as dependent entity
  • NC-55625 [Dynamic Routing (PIM)] In HA with multicast interface, routes are not getting updated in the Aux routing table
  • NC-55461 [Email] After adding/edit FQDN host with smarthost, it is not displayed on the list until refresh the page
  • NC-58898 [Email] Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503)
  • NC-55635 [Firewall] Display filter for forwarded is not working properly on packet capture page
  • NC-55657 [Firewall] HA backup restore fails when port name is different in backup and appliance
  • NC-55884 [Firewall] IPS policy id and appfilter id not displaying in firewall allow log in logviewer
  • NC-55943 [Firewall] Failed to resume existing connection after removal of heartbeat from firewall configuration
  • NC-57084 [Firewall] Custom DMZ not listed in dedicated link HA configuration
  • NC-44938 [Firmware Management, UX] Web UI does not surface reasons for firmware upload failure
  • NC-55756 [Gateway Management] Gateway isn’t deleted from SFM UI after deleting it from SFM
  • NC-55552 [HA] WWAN interface showing in HA monitoring ports
  • NC-55281 [Import-Export Framework] Full configuration import fails when using third party certificate for webadmin setting
  • NC-55171 [Interface Management] VLAN Interface IP is not assigned via DHCP when gateway name uses some special characters
  • NC-55442 [Interface Management] DNS name lookup showing incorrect message
  • NC-55462 [Interface Management] Import fails on configuring Alias over VLAN
  • NC-55659 [Interface Management] Invalid gateway IP and network IP configured using API for IPv6
  • NC-56733 [Interface Management] Patch PPPd (CVE-2020-8597)
  • NC-51776 [IPS Engine] Edit IPS custom rule protocol doesn’t work after creation
  • NC-51558 [IPsec] Add warning message before deleting xfrm ipsec tunnel
  • NC-55309 [Logging] Local acl rule not created through log viewer for IPv4 and IPv6
  • NC-50413 [Logging Framework] Gateway up event log for PPPoE interface not always shown in logviewer
  • NC-55346 [Logging Framework] Clear All for “Content filtering” does not clear SSL/TLS filter option
  • NC-56831 [Policy Routing] SIP traffic sometimes not working with SDWAN policy route
  • NC-46009 [SecurityHeartbeat] Spontaneous reconnects of many endpoints
  • NC-51562 [SecurityHeartbeat] Heartbeat service not started after HA failover
  • NC-52225 [Synchronized App Control] SAC page loading issues as the list of apps increases
  • NC-54078 [UI Framework] Internet Explorer UI issue on certain rules and policies pages
  • NC-56821 [Up2Date Client] SSL VPN downloading with the 0KB
  • NC-54007 [Web] File type block messages sometimes contain mimetype rather than file type

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close