Sophos has just released the long awaited MR6, for SFOS v17, I have installed it, and it looks like the VPN dropouts, finally stopped 🙂
Release notes:
Note: On v16 to v17 update, SFOS does not set SHA2 truncation on custom IPSec policy. Please see https://community.sophos.com/kb/127867 for details.
Issues Resolved
- NC-26520 [Base System] Logviewer exceeds allotted diskspace
- NC-26601 [Base System] validatePort didn’t validate all used ports correctly
- NC-25574 [IPsec] Upgrade to v17 failed when a policy with name ‘IKEv2’ was created before upgrade
- NC-26694 [IPsec] High memory usage of charon
- NC-27001 [IPsec] Unable to enable the fail-over group for IPSec
- NC-27228 [IPsec] IPsec connection ref count sometimes wrong
- NC-27276 [IPsec] IKEv2 connection not retried when receiving AUTH_FAILED
- NC-27278 [IPsec] Display issue in IE11 for IPSec Connections – NAT
- NC-27283 [IPsec] HA: Hard reset failover takes too long
- NC-27333 [IPsec] HA: Connections not synced to aux when pushing connect button
- NC-27384 [IPsec] Race condition in charon when 60s retry timeout and IKE_INIT occur close together
- NC-27412 [IPsec] IPSec failover group shows 2 active connections
- NC-27510 [IPsec] IKEv1: cannot handle more than 2 concurrent Quick Mode exchanges per IKE_SA
- NC-27608 [IPsec] IPSec Profiles XML has no information for new added configuration
- NC-27734 [IPsec] Unable to recreate the config using the same connection name in Cisco VPN connection after reset
- NC-27916 [IPsec] CSC freezing sporadically & system goes unresponsive
- NC-28090 [IPsec] Follow Up – VPN connection can’t be established if the PSK is very long
- NC-27240 [Mail Proxy] Unable to send emails due to auto routing to rcpt DNS in case of greylisting reply for MX
- NC-27382 [Network Services] DHCP Relay didn’t work after upgrade to SF v17 MR3
- NC-26104 [Networking] Networkd dead in HA setup
- NC-27488 [WAF] Mod_url_hardening stack corruption
Downloads
You can find the firmware for your appliance from in MySophos portal.