Sophos has just released the long awaited MR6, for SFOS v17, I have installed it, and it looks like the VPN dropouts, finally stopped 🙂

Release notes:

Note: On v16 to v17 update, SFOS does not set SHA2 truncation on custom IPSec policy. Please see https://community.sophos.com/kb/127867 for details.

Issues Resolved

• NC-26520 [Base System] Logviewer exceeds allotted diskspace
• NC-26601 [Base System] validatePort didn’t validate all used ports correctly
• NC-25574 [IPsec] Upgrade to v17 failed when a policy with name ‘IKEv2’ was created before upgrade
• NC-26694 [IPsec] High memory usage of charon
• NC-27001 [IPsec] Unable to enable the fail-over group for IPSec
• NC-27228 [IPsec] IPsec connection ref count sometimes wrong
• NC-27276 [IPsec] IKEv2 connection not retried when receiving AUTH_FAILED
• NC-27278 [IPsec] Display issue in IE11 for IPSec Connections – NAT
• NC-27283 [IPsec] HA: Hard reset failover takes too long
• NC-27333 [IPsec] HA: Connections not synced to aux when pushing connect button
• NC-27384 [IPsec] Race condition in charon when 60s retry timeout and IKE_INIT occur close together
• NC-27412 [IPsec] IPSec failover group shows 2 active connections
• NC-27510 [IPsec] IKEv1: cannot handle more than 2 concurrent Quick Mode exchanges per IKE_SA
• NC-27608 [IPsec] IPSec Profiles XML has no information for new added configuration
• NC-27734 [IPsec] Unable to recreate the config using the same connection name in Cisco VPN connection after reset
• NC-27916 [IPsec] CSC freezing sporadically & system goes unresponsive
• NC-28090 [IPsec] Follow Up – VPN connection can’t be established if the PSK is very long
• NC-27240 [Mail Proxy] Unable to send emails due to auto routing to rcpt DNS in case of greylisting reply for MX
• NC-27382 [Network Services] DHCP Relay didn’t work after upgrade to SF v17 MR3
• NC-26104 [Networking] Networkd dead in HA setup
• NC-27488 [WAF] Mod_url_hardening stack corruption

Downloads

You can find the firmware for your appliance from in MySophos portal.