Sophos Firewall OS (SFOS) update v17.5 – MR8 released

Sophos has released version 17.5 MR8 for Sophos Firewall OS (SFOS).

Note: For more information on upgrading, check out this post: Upgrading SFOS firmware to Sophos Firewall.

FQDN in Quarantine Digest

Sophos has very sneakily listed a new feature under the “bug fixes” that I think definitely deserves some more attention! I am talking here about:

• NC-39749 [Email] Use FQDN in Quarantine Digest

If you have e-mails checked for viruses and spam by the XG Firewall, e-mails sometimes end up in the quarantine. In order to relieve the admin, it is possible to set the users to receive a quarantine report by e-mail each time. This way, the user then decides for himself which email was mistakenly blocked and can have it moved to the inbox with one click.

But exactly the click on the link to move the email from the quarantine to the inbox caused problems so far! Behind this link was not a FQDN, but an IP address. Thus, a certificate error message was always displayed, which was not necessarily trustworthy.

Of course, this bothered our customers a lot, so we asked Sophos for a solution back in March 2018. At that time, they said the feature was coming with v17.0, then 17.5, and most recently in an MR release. So with v17.5.8, this issue is finally resolved. Thanks Sophos, we had almost given up hope. 😅

You can now define a DNS name in the quarantine settings and also set the size of the quarantine.

Support for Sandstorm data center in Frankfurt added

Sophos has opened a new data center in Frankfurt for the analysis of files transmitted to Sandstorm. This is certainly a smart move in terms of compliance with the GDPR or further Brexit developments. After updating to MR8 you can change the location to Europe (Frankfurt) in the Sandstorm settings. The selection on the XG Firewall then looks like this:

Bug fixes

• NC-47055 [Authentication] Support >48 characters password length for Radius Server
• NC-46680 [Certificates] Completing CSR with certificate breaks SSL VPN
• NC-48512 [Dynamic Routing (PIM)] Multicast traffic getting stopped after update of interface
• NC-39749 [Email] Use FQDN in Quarantine Digest
• NC-40831 [Email] Add capability to increase size of Mail Quarantine area in UI
• NC-45305 [Email] SPX related reports not being displayed on the GUI
• NC-48542 [Email] Potential RCE via arbitrary file creation vulnerability
• NC-49003 [Email] Custom ports for SMTP proxy stopped working after 17.5
• NC-46938 [FQDN] FQDNd does not update/create ipset
• NC-46401 [Import-Export Framework] “/conf” partition is at 100%
• NC-47095 [Interface Management] TSO changes are not permanent in HA
• NC-48031 [Interface Management] Wifi client did not get gateway and other config after reboot until enable and re-enable the wifi on client
• NC-48487 [IPS Engine] Postgres taking high CPU
• NC-48956 [IPS Engine] Modify IPS TCP Anomaly Detection setting to disabled in default setting
• NC-46079 [Logging Framework] Garner coredump on aux node following upgrade to 17.5 MR3
• NC-46780 [Logging Framework] Reports not being generated when Email Notification feature is enabled
• NC-46879 [Sandstorm] Add support for Sandstorm’s Frankfurt data centre
• NC-48718 [Service Object] Unable to edit service object that is assigned to a firewall rule
• NC-43625 [UI Framework] Adding VLAN interface fails in IE in HA Active-Active mode
• NC-45371 [UI Framework] Incorrect UI behavior for Web User Activities
• NC-45495 [Web] Policy Tester UI and overlay issues
• NC-45724 [Web] Full file download retry failure after 416 (Range Not Satisfiable) being returned by proxy
• NC-47626 [Web] Web category “Hacking” should be classified as “Objectionable” instead of “Acceptable”.
• NC-47075 [Wireless] Export of the WirelessAccessPoint does not contain the Group
• NC-47115 [Wireless] WirelessAccessPoint includes the wrong value for DynChan5GHz
• NC-47738 [Wireless] XML import is failing for wireless config failing when RADIUS Server and Pending Access Points data is present in import file