• Hardware
    • Firewall
      • XG Appliances
        • XG 86
        • XG 106
        • XG 115
        • XG 125
        • XG 135
        • XG 210
        • XG 230
        • XG 310
        • XG 330
        • XG 430
        • XG 450
        • XG 550
        • XG 650
        • XG 750
      • XG Accessories
      • SG Appliances
        • SG 105
        • SG 115
        • SG 125
        • SG 135
        • SG 210
        • SG 230
        • SG 310
        • SG 330
        • SG 430
        • SG 450
        • SG 550
        • SG 650
      • SG Accessories
    • Access Point
      • Appliances
        • APX 120
        • APX 320
        • APX 530
        • APX 740
        • APX 320X
        • AP 100X
      • AP Accessories
    • RED
      • Appliances
        • SD-RED 20
        • SD-RED 60
      • RED Accessories
  • Licence
    • Firewall
      • XG Licences
        • XG 85
        • XG 86
        • XG 105
        • XG 106
        • XG 115
        • XG 125
        • XG 135
        • XG 210
        • XG 230
        • XG 310
        • XG 330
        • XG 430
        • XG 450
        • XG 550
        • XG 650
        • XG 750
      • SG Licences
        • SG 105
        • SG 115
        • SG 125
        • SG 135
        • SG 210
        • SG 230
        • SG 310
        • SG 330
        • SG 430
        • SG 450
        • SG 550
        • SG 650
      • SFOS Software
        • 1 CPU 4GB RAM
        • 2 CPU 4GB RAM
        • 4 CPU 6GB RAM
        • 6 CPU 8GB RAM
        • 8 CPU 16GB RAM
        • 16 CPU 24GB RAM
        • Unlimited CPU / GB RAM
      • UTM Software
        • 10 User
        • 25 User
        • 50 User
        • 75 User
        • 100 User
        • 150 User
        • 250 User
        • 500 User
        • 750 User
        • 1000 User
        • 1500 User
        • 2500 User
        • unlimited User
    • Central
      • Endpoint Protection
      • Intercept X
      • Intercept X Advanced
      • Intercept X Advanced with EDR
      • Intercept X Advanced with EDR and MTR
      • Server Protection
      • Intercept X Advanced for Server
      • Intercept X Advanced for Server with EDR
      • Intercept X Advanced for Server with EDR and MTR
      • Mobile
      • Intercept X for Mobile
      • Wireless
      • Email Gateway
      • Device Encryption
      • Phish Threat
      • Firewall Reporting
  • Service
  • Blog
  • Support
  • Contact
  • English
    • Deutsch
Sign in
My Account
Cart
  1. Home
  2. Blog
  3. Sophos Firewall
  4. Sophos Firewall OS (SFOS) Update v17.5
  • Sophos Firewall 34
  • Sophos Central 28
  • Avanet Shop 32
  • Security Life 14

Subscribe

Subscribe to our Newsletter, RSS Feed or follow us on Social Media to make sure you don't miss an article.

Subscribe Now
Sophos Firewall OS (SFOS) Update v17.5 - MR3 released
sophos-firewall

Sophos Firewall OS (SFOS) Update v17.5: MR3 released

Patrizio February 12, 2019

Sophos has released version 17.5 MR3 for the Sophos Firewall OS (SFOS). The new firmware can now be downloaded from the MySophos Portal.

In the next days the new firmware will also be available automatically via the WebAdmin of the firewall and can be installed with a simple click.*

Note: For more information on upgrading, please take a look at the following post: KBA 123285 Sophos Firewall: How to upgrade the firmware.

*Only those who have paid for Sophos Enhanced Support can benefit from this more convenient option. Sophos Enhanced Support is automatically included with each bundle (EnterpriseProtect, EnterpriseGuard, TotalProtect, FullGuard) or can be purchased separately.

What happened to MR2?

SFOS 17.5 MR2 was released as a silent release, exclusively for NSS Labs. NSS Labs has tested the XG firewall before MR3 has been released, so everyone can enjoy the new features and bugfixes.

APX Support

When the new APX series of Sophos access points was released in July 2018, it was only possible to use them with Sophos Central Wireless. Sophos announced back then that support for the XG firewall would follow in December 2018. Today, two months late, APX access points can be managed through the XG firewall. 🎉

Sophos XG v17.5 MR3 - APX 740 on XG firewall

We have tested the XG Firewall Support with our APX 740. Since we used to run it via Central, the link had to be cleared first. After that, the access point was displayed on the XG firewall immediately. The connection worked without any problems. 😅

If you have an XG firewall in use and need new access points, we recommend to consider only the APX series. The normal AP models are still available for SG firewalls with the UTM operating system.

  • Sophos APX 120 (For Sophos Central only! XG support scheduled for mid-2019)
  • Sophos APX 320
  • Sophos APX 530
  • Sophos APX 740

Email Recipient verification using Active Directory

Since the UTM engine now also runs on the XG firewall, the last features are now gradually transferred to the XG. In SFOS v17.5.3 it is possible to do a receiver verification with Active Directory lookup. It is therefore checked in advance whether the mailbox or email address exists on the mail server before the email is sent.

Airgap Support

Airgap is a feature which has already been announced with SFOS 17.5. XG firewalls can now also be licensed and updated offline using this feature. The firmware could already be updated offline, but pattern updates are only possible with this firmware.

Bridge Interface - DHCP Client Support

Bridge interfaces can now receive IP4 and IP6 IP addresses and DNS information via DHCP.

Issues Resolved

  • NC-29354 [API] Response for xmlapi get for SyslogServer is missing some value
  • NC-29808 [API] API Authentication should be case insensitive
  • NC-35920 [API] Wrong XML is generated for client-less users when username added with capital letter
  • NC-30616 [Authentication] Guest username/id and passwords are changed after migration
  • NC-33449 [Authentication] Group name showing under “undefined” during AD group import
  • NC-35923 [Authentication] XML export of guest users contains wrong information of user validity
  • NC-38607 [Authentication] Provide a JSON config download for GSuite in the XG UI
  • NC-39026 [Authentication] Chromebook Support port is missing in port validation opcode
  • NC-39106 [Authentication] Access_server is restarted due to missing service heartbeat
  • NC-30365 [Base System] Fix error message for new firmware check on auxiliary device
  • NC-37824 [Base System] SFM/CFM - at device dashboard AV version shows as 0
  • NC-38546 [Base System] Fix log message for scheduled backup and update message
  • NC-39177 [Base System] Garner - sigsegv_dump: Segmentation Fault
  • NC-39179 [Base System] Customization of captive portal not working
  • NC-39688 [Base System] Virtual firewall reboots after applying license
  • NC-40157 [Base System] Garner service stopped with sigsegv_dump: Segmentation Fault
  • NC-40268 [Base System] Not able to access HA device via Central Management
  • NC-38469 [Email] Increase csc monitor time for avd service
  • NC-38521 [Email] Add support for recipient verification via AD using STARTTLS
  • NC-39827 [Email] Improve documentation for mail spool and SMTP policies
  • NC-35434 [Firewall] csc worker gets killed causing errors in port forwarding
  • NC-35521 [Firewall] Import of exported config does not recreate the device access permissions correctly
  • NC-38318 [Firewall] XML change and revert details are not generated for “firewall group” entity when create firewall rule from SFM device Level
  • NC-39316 [Firewall] Group edit fail when user edit existing group and new name have double space
  • NC-39605 [Firewall] Modifying one time schedules fails, if timer has already triggered
  • NC-40080 [Firewall] Improve UI and help for group creation based on EAP feedback
  • NC-29296 [IPsec] Charon doesn’t reconnect in all cases
  • NC-29365 [IPsec] IPSec tunnel fails when there are whitespaces at the begin or end of the PSK
  • NC-30599 [IPsec] Checkboxes on IPSec UI pages do not work using Safari
  • NC-38824 [IPsec] Spelling error in message when IPSec cannot be established
  • NC-38946 [IPsec] Child SA going down randomly with Checkpoint IPSec connection
  • NC-38603 [nSXLd] Custom URL web category list stopped working after updating to v17.1MR2
  • NC-38958 [Reporting] Smart search filter is not working properly for “is not” filter in log viewer
  • NC-39530 [Reporting] Logo is too close to the name of the report page
  • NC-39770 [Reporting] ‘Context’ column getting removed after click on Reset to default for web content policy logs
  • NC-39479 [Sandstorm] Dashboard message not correct for Single Scan Avira with Sandstorm
  • NC-35750 [SecurityHeartbeat] Heartbeat widget not displayed on slave node when registered
  • NC-38778 [SNMP] Unable to fetch the value for particular OID in SNMP server
  • NC-35490 [Synchronized App Control] Application are not classified in Synchronized Application Control list
  • NC-32342 [UI Framework] Restrict number of connection from particular IP at a particular time
  • NC-39078 [UI Framework] Update Apache Commons Collections (CVE-2015-7501, CVE-2015-6420, CVE-2017-15708)
  • NC-39081 [UI Framework] Update Apache Commons FileUpload (CVE-2016-3092, CVE-2016-1000031)
  • NC-39910 [UI Framework] Policy Tester is not working via Central Management
  • NC-38295 [WAF] WAF Rules not working after HA takeover
  • NC-31388 [Web] URL Category Lookup doesn’t allow punycode-encoded domain names
  • NC-31485 [Web] Skipping sandbox check is not being exported in the XML for WebFilterException
  • NC-35585 [Web] Only 10 cloud applications are listed if the screen resolution is 2560*1440 or higher
  • NC-36320 [Web] AppPolicy becomes DenyAll if all “characteristics” and any classification selected

Sophos Platinum Solution Partner Logo

Purchase Advice

+41 44 585 24 68

Mo - Fr, 9:00 - 12:00 Uhr
Mo - Fr, 13:00 - 17:00 Uhr

Information

  • Payment
  • Shipping & Delivery
  • Order
  • Index of Information
  • Follow us
  • About us

Legal Issues

  • AGB
  • Legal Notice
  • Privacy Policy