Sophos XG: SFOS v18 now GA :-)

https://community.sophos.com/products/xg-firewall/b/blog/posts/sophos-xg-firewall-v18-is-now-available

Now it’s done, here are the full release notes:

  • SF 18.0 GA (18.0.0.321)
News
  • Feature Release
  • Xstream Architecture (Xstream SSL Inspection, Xstream DPI Engine, Xstream Network Flow FastPath)
  • SD-WAN Policy-based Routing enhancements, SD-WAN Application Routing and Synchronized SD-WAN
  • Sandstorm Threat Intelligence Analysis and Reporting
  • Sophos Central Firewall Reporting and Management
  • NAT Enhancements
  • Firewall Rules Management Improvements
  • Route-based VPN
  • High Availability (HA) Enhancements
  • Email or SNMP Alerts and Notifications and SNMPv3
  • Radius Timeout with Two-Factor Authentication
  • Actionable Log Viewer
  • Bridge Interface Enhancements (ARP broadcasts, Spanning Tree Protocol (STP) traffic, and filter non-IP protocols)
  • Advanced inter-VLAN routing and bridging (VLANs on Bridge)
  • Flow Monitoring Improvements
  • Interface Renaming
  • Secure Syslog and Logs in the Standard Syslog Format
  • VMware Tools (v10.3.10) Upgrade and Integration With VMware Site Recovery Manager (SRM)
  • Jumbo Frame Support
  • Enhanced DDNS Support
  • Kerberos Authentication and NTLM
  • Intelligent IPS Signature Selection
  • Browsing quotas in web policies
  • Wildcard Domain Support in WAF
  • DKIM and BATV Anti-Spam Protection
  • For more details, please refer to the release notes here: https://docs.sophos.com/nsg/sophos-firewall/18.0/releasenotes/en-us/nsg/sfos/releasenotes/rn_NewFeatures.html
Resolved issues
  • NC-33664 [App Signature] Unable to block Psiphon
  • NC-42675 [Authentication] access_server returns ‘Login Failed’ if two awarrenhttp threads call in at same time
  • NC-44686 [Authentication] Import/export of AUTHCTA has missing and incorrect values
  • NC-48116 [Authentication] Importing users via csv file with special character in password fails
  • NC-50521 [Authentication] User group assignment issue with LDAP users
  • NC-54642 [Authentication] Authentication not working due to high CPU utilization of access_server
  • NC-50136 [Backup-Restore] ISP failover for 2 PPPoE connections is not working for local LAN systems
  • NC-51979 [Backup-Restore] Can’t reflect time zone from restoring backup file after factory resetting
  • NC-32336 [Base System (deprecated)] gpg vulnerability (CVE-2018-12020)
  • NC-42490 [Base System (deprecated)] Validation function for legacy objects does not get called
  • NC-55640 [Bridge] Firewall rule id not matching if traffic is going into wifi interface
  • NC-45935 [Certificates] Fingerprint not updated on Default CA regenerate event
  • NC-49023 [Certificates] Webproxy signing with non default certificate when using HTTPS Scanning
  • NC-54562 [Certificates] CAs are missing after update from v18 EAP2 to EAP3
  • NC-29869 [Clientless Access(HTTP/HTTPS)] “Internal Server Error” after adding many VPN bookmarks
  • NC-48516 [Config Migration Framework] Configuration migration log on console is wrong in case of failed migration
  • NC-55270 [Config Migration Framework] Report migration failed
  • NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly “No. of records Zero.”
  • NC-52857 [CSC] One time scheduler doesn’t work as expected in case of DST
  • NC-51717 [DDNS, Email] DDNS uses wrong IP when interface is configured with PPPoE + Alias
  • NC-38763 [DHCP] IP not leased to DHCP only interface when update from stateless
  • NC-38795 [DHCP] IPv6 not removed from DB while disable DHCPv6 manage flags from RA server
  • NC-38930 [DHCP] Editing DHCPv6 interface with auto configuration does not get IP from DHCPv6 server
  • NC-39157 [DHCP] DHCPv6 client option “Accept other configuration from DHCP” is not working
  • NC-50214 [DHCP] DHCP server dead with specific configuration
  • NC-51957 [Documentation] Showing fastpath load failed with command “console> system firewall-acceleration show”
  • NC-48712 [Email] Antivirus service in stopped state, cannot recover it
  • NC-51340 [Email] Mailscanner child process causing OOM events when editing blocked senders list
  • NC-51347 [Email] Error message “undefined” received when trying to add host
  • NC-51883 [Email] API error 599 when performing GetRequest for various email modules
  • NC-52212 [Email] Reject/Drop action not work correctly for oversized mails
  • NC-53016 [Email] Email Blocked Senders cannot be updated
  • NC-55138 [Email] SAVI AV update failed
  • NC-22659 [Firewall] IPtable chains not created for firewall rule whose name contains backslash ‘\\\\\’
  • NC-30482 [Firewall] DNAT rules stop working after every reboot when migrating from UTM to SFOS
  • NC-36616 [Firewall] Firewall group not available in APIhelpdoc
  • NC-37775 [Firewall] Configuring over 20 time schedulers on the various firewall rules is causing CSC freeze
  • NC-43017 [Firewall] Full config export does not include Security Policy group
  • NC-43415 [Firewall] In the firewall rule, types of services are not translated
  • NC-48803 [Firewall] Virtual Host update is calling on every FQDN IP update even its not used in virtual host configuration
  • NC-49101 [Firewall] Group description delete issue in firewall
  • NC-49678 [Firewall] Default ICMP service not matching in policy test tool
  • NC-50222 [Firewall] Firewall rule position display is incorrect on rule deletion
  • NC-50549 [Firewall] Drop packet does not show all the information for firewall rule ID 0 drop compare to v17.5
  • NC-50712 [Firewall] NAT rules UI error
  • NC-50949 [Firewall] Wrong ARP behavior in relation to DNAT rules
  • NC-51867 [Firewall] Denied firewall logs send to garner for allowed firewall rule even if logging is disabled
  • NC-51964 [Firewall] DNAT rule stopped working after every reboot
  • NC-52395 [Firewall] Getting wrong username in admin event for firewall rule group name update
  • NC-52429 [Firewall] Web access lost for 10+ minutes after HA fail-over
  • NC-52638 [Firewall] WAF is not able to connect to webserver via IPsec tunnel
  • NC-52662 [Firewall] Continuous receiving ‘fw_fp_invalidate_microflows:459: Queueing invalidate work ffff8801ed1bb5c0’ error in syslog
  • NC-52853 [Firewall] Observed feedback channel plugin of garner core dump on XG330
  • NC-52873 [Firewall] Kernel warning message ‘RIP: 0010:tcp_send_loss_probe+0x13f/0x1c0’ observed in syslog
  • NC-53364 [Firewall] Firewall rules are not getting created correctly using XML API
  • NC-53988 [Firewall] Kernel panic on XG450 appliance
  • NC-54038 [Firewall] Wrong notification message displayed after disabling firewall rule
  • NC-55261 [Firewall] Appliance crashing with Kernel Panic
  • NC-55789 [Firewall] Ipuser ipset dumps when user is authenticated via STAS
  • NC-47482 [Firmware Management] Firmware mismatch issue – both firmware slots showing same firmware
  • NC-52441 [Firmware Management] Some time firmware ‘install’ opcode getting timeout and installation failed
  • NC-38800 [HA] Incorrect error message when configure HA A-A with DHCP interface
  • NC-39015 [HA] Unable to configure peer administration port for HA A-P when one of IP family of the interface is Dynamic IP assignment
  • NC-30485 [Import-Export Framework] Export full configuration some time fails with error – ‘The request could not be completed’
  • NC-39229 [Interface Management] XG unsynced with SFM when unbind any interface from SFM
  • NC-46514 [Interface Management] Cyberoam backup restore fails when DHCPv6 interface configured
  • NC-48450 [Interface Management] Table for interface widget is not visible in control center page
  • NC-49938 [Interface Management] Some time traffic drop in bridge mode
  • NC-48956 [IPS Engine] Modify IPS TCP Anomaly Detection setting to disabled in default setting
  • NC-53875 [IPS Engine] IPS keeps getting started because of page allocation failure
  • NC-51568 [IPS-DAQ] Coredump in snort
  • NC-52085 [IPS-DAQ] Wget not working for IPv6 sites in bridge mode – SSL decrypt not working
  • NC-53363 [IPS-DAQ] Internet traffic hang and all traffic dropped
  • NC-52641 [IPS-DAQ-NSE] IPS Service DEAD
  • NC-54310 [IPS-DAQ-NSE] CC terminals not establish a connection with server
  • NC-29370 [IPsec] Tunnel is getting established even though PFS is disabled on the VPN client side and enabled in SFOS IPsec profile
  • NC-49919 [IPsec] Dgd service stopped and unable to start
  • NC-33848 [LAG] LAG advanced options not working when LAG is member of Bridge
  • NC-40683 [LAG] LAG active mode import-export is not working
  • NC-52090 [Logging] LogViewer: “Action is not Allowed” filtering not working in detailed view
  • NC-52762 [Logging] LogViewer: system mentioned in upper case
  • NC-46114 [Logging Framework] Improper input validation and email notification after failed login (Webadmin, SSH, …)
  • NC-50127 [Logging Framework] Garner coredump in HA setup at handle_sync_input
  • NC-51942 [Logging Framework] Policy Test Tool not working if firewall rule created with destination network as country or country group
  • NC-37839 [nSXLd] Proxy authentication is not cleared after config reload
  • NC-37841 [nSXLd] Keywords are not deleted when custom web category is deleted
  • NC-54525 [RED] S2S RED tunnel doesn’t established on SFOS after EAP2 to EAP3 upgrade
  • NC-28022 [Reporting] Incomplete field names on data anonymization page
  • NC-42864 [Reporting] Reports downloaded in PDF format have logo too close to the first line in most pages
  • NC-43183 [Reporting] When data anonymization is enabled, scheduled reports are showing “Not available” instead of anonymized string
  • NC-45154 [Reporting] Cannot specify hour and minute properly in Detailed Custom Reports
  • NC-45236 [Reporting] Reports sent 1 hour later than scheduled
  • NC-46178 [Reporting] “Web Risks & Usage Visibility” not showing any data
  • NC-49273 [Reporting] Filtering on blocked user activities not working as expected
  • NC-52120 [Reporting] Daily Reports are received but it delayed by different time
  • NC-52125 [Reporting] UTQ user data is empty in SAR report but populated in GUI dashboard report
  • NC-53072 [Reporting] Events reports (Admin, Authentication and System) are not generating due to db query for insert query getting failed
  • NC-53369 [Reporting] Application Categories shown as “Unclassified”
  • NC-54177 [Reporting] UTQ not generating due to change in web categories names
  • NC-48718 [Service Object] Unable to edit service object that is assigned to a firewall rule
  • NC-47585 [SFM-SCFM] Backedup ‘central reporting’ config is not maintained after Restoring config
  • NC-53043 [SNMP] Wrong data is displayed in SNMP query for CPU usage
  • NC-47348 [SSLVPN] LogViewer logs are not generated for ssl vpn connection up or down events
  • NC-55228 [SSLVPN] Site2site – SSLVPN client in HA is not initiating connection after active node shut down
  • NC-54150 [Static Routing] Data insertion is failing if large number of connections are present and Live Connection page is loaded
  • NC-54314 [Static Routing] Negative value is displayed in upstream/downstream bandwidth column
  • NC-51673 [UI Framework] User portal redirect loop when using non-standard port
  • NC-55193 [VFP-Firewall] Port self test reboots appliance – V18 fastpath
  • NC-23045 [WAF] WAF – Increase default TLS version to v1.2
  • NC-51952 [WAF] WAF firewall rule update failed after migration from 17.5 MR8 to 18.0 EAP1
  • NC-55034 [WAF] Web server timeout of 0 leads to syntax error in reverseproxy.conf
  • NC-51156 [Web] Dynamic app filter rules which do not contain any applications is enforced for all applications in WIS
  • NC-53402 [Web] Appliance auto reboot due to OOM (out of memory)
  • NC-53709 [Web] Tiktok video not working with plain firewall rule with SSL/TLS enabled
  • NC-54421 [Web] SSLx Exception based on SAC does not work
  • NC-44346 [WWAN] Cellular WAN does not takeover again on failover
