Sophos XG: SFOS 17.0.6 MR6 Released

Sophos has just released the long awaited MR6, for SFOS v17, I have installed it, and it looks like the VPN dropouts, finally stopped 🙂

Release notes:

Note: On v16 to v17 update, SFOS does not set SHA2 truncation on custom IPSec policy. Please see for details.

Issues Resolved

  • NC-26520 [Base System] Logviewer exceeds allotted diskspace
  • NC-26601 [Base System] validatePort didn’t validate all used ports correctly
  • NC-25574 [IPsec] Upgrade to v17 failed when a policy with name ‘IKEv2’ was created before upgrade
  • NC-26694 [IPsec] High memory usage of charon
  • NC-27001 [IPsec] Unable to enable the fail-over group for IPSec
  • NC-27228 [IPsec] IPsec connection ref count sometimes wrong
  • NC-27276 [IPsec] IKEv2 connection not retried when receiving AUTH_FAILED
  • NC-27278 [IPsec] Display issue in IE11 for IPSec Connections – NAT
  • NC-27283 [IPsec] HA: Hard reset failover takes too long
  • NC-27333 [IPsec] HA: Connections not synced to aux when pushing connect button
  • NC-27384 [IPsec] Race condition in charon when 60s retry timeout and IKE_INIT occur close together
  • NC-27412 [IPsec] IPSec failover group shows 2 active connections
  • NC-27510 [IPsec] IKEv1: cannot handle more than 2 concurrent Quick Mode exchanges per IKE_SA
  • NC-27608 [IPsec] IPSec Profiles XML has no information for new added configuration
  • NC-27734 [IPsec] Unable to recreate the config using the same connection name in Cisco VPN connection after reset
  • NC-27916 [IPsec] CSC freezing sporadically & system goes unresponsive
  • NC-28090 [IPsec] Follow Up – VPN connection can’t be established if the PSK is very long
  • NC-27240 [Mail Proxy] Unable to send emails due to auto routing to rcpt DNS in case of greylisting reply for MX
  • NC-27382 [Network Services] DHCP Relay didn’t work after upgrade to SF v17 MR3
  • NC-26104 [Networking] Networkd dead in HA setup
  • NC-27488 [WAF] Mod_url_hardening stack corruption


You can find the firmware for your appliance from in MySophos portal.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.