Sophos Firewall OS (SFOS) Update v17.5 - MR8 released
Sophos has released version 17.5 MR8 for Sophos Firewall OS (SFOS).
Note: For more information on upgrading, check out the following post: Update SFOS Firmware on Sophos Firewall.
FQDN in Quarantine Digest
Sophos has secretly listed a new feature under “Bug Fixes” that, in my opinion, definitely deserves more attention! I am talking about:
- NC-39749 [Email] Use FQDN in Quarantine Digest
If you have your emails checked for viruses and spam by the XG Firewall, emails often end up in quarantine. To relieve the admin, you can configure it so that users receive a quarantine report via email. The user can then decide which email was mistakenly blocked and move it to the inbox with a click.
However, clicking the link that moves the email from quarantine to the inbox has caused problems until now. The link pointed not to an FQDN but to an IP address, so the browser always displayed a certificate error message, which did not exactly inspire trust.
This naturally bothered our customers a lot, and that’s why we asked Sophos for a solution back in March 2018. At that time, it was said that the feature would come with v17.0, then 17.5, and finally in an MR Release. With v17.5.8, this problem has now finally been solved. Thank you Sophos, we had almost given up hope. 😅
You can now define a DNS name in the quarantine settings and also set the size of the quarantine.
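A check an admin could run on a received digest mail after the update, to confirm that every release link uses the configured DNS name rather than an IP literal. This is an added example, not Sophos code; the sample message, host names, port and link path are constructed placeholders, and `audit_digest` and `host_problem` are hypothetical helper names.

```python
import email
import ipaddress
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample digest: hosts, port and path are placeholders, not the
# link format SFOS actually emits.
SAMPLE_DIGEST = """\
Subject: Quarantine digest
Content-Type: text/html; charset="utf-8"

<a href="https://192.0.2.10:4443/release?id=1">Release</a>
<a href="https://quarantine.example.test:4443/release?id=2">Release</a>
<a href="https://[2001:db8::1]/release?id=3">Release</a>
<a href="https://other.example.test/release?id=4">Release</a>
"""

class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_problem(url, expected_fqdn):
    """Return why url's host would not match a certificate for expected_fqdn, or None."""
    host = urlsplit(url).hostname
    if not host:
        return None  # mailto: and relative links carry no host to check
    try:
        ipaddress.ip_address(host)
        return "ip-literal host"
    except ValueError:
        return None if host == expected_fqdn.lower() else "unexpected host"

def audit_digest(raw_message, expected_fqdn):
    """Return (url, problem) for every HTML link in the mail that fails the host check."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = HrefCollector()
            collector.feed(part.get_content())
            findings += [(u, p) for u in collector.hrefs
                         if (p := host_problem(u, expected_fqdn))]
    return findings
```

An empty result from `audit_digest(raw_mail, "<your quarantine DNS name>")` means every link in the digest points at the name the certificate should be issued for.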

Support for the Sandstorm data center in Frankfurt added
For the analysis of files transferred to Sandstorm, Sophos has opened a new data center in Frankfurt. This is certainly a smart move with regard to GDPR compliance and the further development of Brexit. After updating to MR8, you can now set the location in the Sandstorm settings to Europe (Frankfurt).
The selection on the XG Firewall then looks like this:

Bug Fixes
- NC-47055 [Authentication] Support >48 characters password length for Radius Server
- NC-46680 [Certificates] Completing CSR with certificate breaks SSL VPN
- NC-48512 [Dynamic Routing (PIM)] Multicast traffic getting stopped after update of interface
- NC-39749 [Email] Use FQDN in Quarantine Digest
- NC-40831 [Email] Add capability to increase size of Mail Quarantine area in UI
- NC-45305 [Email] SPX related reports not being displayed on the GUI
- NC-48542 [Email] Potential RCE via arbitrary file creation vulnerability
- NC-49003 [Email] Custom ports for SMTP proxy stopped working after 17.5
- NC-46938 [FQDN] FQDNd doesn’t update/create ipset
- NC-46401 [Import-Export Framework] “/conf” partition is at 100%
- NC-47095 [Interface Management] TSO changes are not permanent in HA
- NC-48031 [Interface Management] Wifi client did not get gateway and other config after reboot until enable and re-enable the wifi on client
- NC-48487 [IPS Engine] Postgres taking high CPU
- NC-48956 [IPS Engine] Modify IPS TCP Anomaly Detection setting to disabled in default setting
- NC-46079 [Logging Framework] Garner coredump on aux node following upgrade to 17.5 MR3
- NC-46780 [Logging Framework] Reports not being generated when Email Notification feature is enabled
- NC-46879 [Sandstorm] Add support for Sandstorm’s Frankfurt data centre
- NC-48718 [Service Object] Unable to edit service object that is assigned to a firewall rule
- NC-43625 [UI Framework] Adding VLAN interface fails in IE in HA Active-Active mode
- NC-45371 [UI Framework] Incorrect UI behavior for Web User Activities
- NC-45495 [Web] Policy Tester UI and overlay issues
- NC-45724 [Web] Full file download retry failure after 416 (Range Not Satisfiable) being returned by proxy
- NC-47626 [Web] Web category “Hacking” should be classified as “Objectionable” instead “Acceptable”
- NC-47075 [Wireless] Export of the WirelessAccessPoint does not contain the Group
- NC-47115 [Wireless] WirelessAccessPoint includes the wrong value for DynChan5GHz
- NC-47738 [Wireless] XML import is failing for wireless config failing when RADIUS Server and Pending Access Points data is present in import file
