Sophos XG Update v16.05.0 - Sandstorm now also for XG Firewalls with SFOS

The new version v16.05.0 for all XG Firewalls with SFOS has been available since 18 January 2017. We decided to publish this short post anyway, even though it is already mid-April and this version has, hopefully, been installed on all XG Firewalls in the meantime.

If you have only just noticed that your XG Firewall is not yet running version v16.05.0, I have another interesting article for you. 🙂

What new features does the SFOS 16.05.0 release bring?

If you are in a hurry, you only need to know these two things:

  • Sophos Sandstorm for Mail and Web
  • Various bug fixes

The key new feature in this version is Sophos Sandstorm for Mail and Web.

What is Sophos Sandstorm?

Sophos Sandstorm blocks evasive malware, such as ransomware hidden in executable files, PDFs and Microsoft Office documents, and sends these files to its cloud sandbox, where the malicious code is executed and monitored in a secure environment. Threat intelligence is sent back to the Sophos solution and the file is either allowed or blocked. This process takes only a few minutes and has virtually no impact on the user. You also receive detailed threat reports for every incident, so you know exactly what is happening.

If you would like to learn more about Sophos Sandstorm, you can read one of our earlier blog posts: “Sophos Sandstorm - Using Sophos sandboxing to protect against zero‑day malware and APTs”.

At this point we are also happy to link to the official video from Sophos, which takes a closer look at the new Sandstorm feature on the XG:

The video also shows how you can test Sophos Sandstorm on the XG free of charge for 30 days.

Buy Sophos Sandstorm for SFOS now

If you want to continue using Sophos Sandstorm after the 30‑day trial period, you can order a licence in our shop.

Simply select your model on the left‑hand side and then choose the Sandstorm licence. Alternatively, you can opt for one of the new “FullGuard Plus” and “TotalProtect Plus” bundles, which include Sophos Sandstorm directly.

However, do not forget that even if the firewall does an excellent job and, with Sandstorm and sandboxing technology, could in theory even detect ransomware, you must never forgo endpoint protection. The firewall can only detect threats that it is actually able to scan.

Bug fixes

  • NC-12759 [Authentication] Segmentation fault of access server
  • NC-13930 [Authentication] access_server segmentation fault
  • NC-14100 [Authentication] Appliance IP does not appear on General tab of STAS suite
  • NC-14160 [Authentication] NetBIOS packets sent out via WAN port
  • NC-13972 [Base System] WebAdmin certificate is not updated when changing common name in CA certificate
  • NC-14123 [Base System] No reconnect of IPsec tunnel when using IPv6
  • NC-14140 [Base System] If VPN profile name matches an existing log file, the profile will log to this log file
  • NC-15736 [Base System] Fix sending telemetry data
  • NC-14227 [Certificates] Improve error message for Certificate Revocation List
  • NC-3820 [Certificates] The validity period To/From is not taken into account for CRL uploads
  • NC-13394 [Clientless Access (HTTP/HTTPS)] Japanese character issue in HTTP bookmark of clientless access
  • NC-13014 [FirewallDatapath] Not able to ping local machine located in DMZ zone from LAN zone with IPsec S2S tunnel set up
  • NC-13665 [Firewall] Skipping load balancing for missing heartbeat drop traffic
  • NC-13702 [Firewall] Block page with captive portal link shown for users when web filter + user-based rules are used
  • NC-13987 [Firewall] Wizard failed after configuring DoS rule using src-zone
  • NC-14137 [Firewall] ‘Internet Scheme’ page loading failed
  • NC-11810 [Framework (UI)] Application List headings are removed after applying filter
  • NC-13043 [Framework (UI)] Control Center - system graph initially renders without title
  • NC-13858 [Framework (UI)] Improve XG Firewall dashboard diagrams
  • NC-14649 [Framework (UI)] Possible SQL injection in EventViewerHelper
  • NC-14671 [Framework (UI)] XSS in LiveConnectionDetail.jsp in SFOS
  • NC-15101 [Framework (UI)] Apache service stops if certificate names contain space characters
  • NC-8116 [Framework (UI)] Disable TLS 1.0 and TLS 1.1 support for WebAdmin and User Portal
  • NC-14995 [Galileo Heartbeat] Heartbeat - service restarting automatically
  • NC-14244 [Hotspot] Hotspot type POTD sends extra email while updating password creation time
  • NC-13610 [IDS + AppControl] Psiphon Proxy application is not blocked
  • NC-13496 [IPS] Wrong IP address shown in web filter Log Viewer when device configured in TAP mode
  • NC-14231 [IPS] Internet traffic dropped by IPS if network subscription is missing
  • NC-12228 [Mail Proxy] MIME whitelist box is not large enough to display the entire text
  • NC-14093 [Mail Proxy] Proxy stops processing emails if IP reputation is enabled with action “Reject”
  • NC-14098 [Mail Proxy] Delivery failure notification not sent if sender or recipient email address contains space character
  • NC-14178 [Mail Proxy] SMTP proxy dies due to specific characters in return path of delivery failure notification
  • NC-14213 [Mail Proxy] Read-only profile should be set in Email Protection in HA mode
  • NC-15657 [Mail Proxy] Sandstorm malicious emails should not be releasable from Spam Digest Email
  • NC-13448 [Network Services] DHCP service dies while binding custom option to DHCP server
  • NC-12214 [Networking] New warning message for unbinding interfaces trivialises effects
  • NC-12966 [Networking] WWAN connectivity issue with Huawei E3372
  • NC-13449 [Networking] DHCP option is deleted without removing its binding
  • NC-13599 [RED] Transparent Split and 3G Failover should not be possible to configure
  • NC-14164 [RED] Implement “TLS 1.2 only” mode
  • NC-11769 [Reporting] Event Type ‘Not Available’ seen in reports of admin events
  • NC-12472 [Reporting] PDF report export/on demand: when records continue on 2nd page, server time changes
  • NC-13257 [Reporting] Pagination is not working for “Interface” widget in executive report
  • NC-14337 [Reporting] Reports do not load when language is Spanish
  • NC-6345 [Reporting] Custom reports: sometimes application/protocol filter does not work properly
  • NC-12969 [SSLVPN] SSLVPN remote access to Apple iPhone: traffic cannot pass through tunnel
  • NC-15615 [Sandstorm] sandboxd and sandbox_reportd do not start on new install without reboot
  • NC-15644 [Sandstorm] Trial evaluation link sends incorrectly encoded activation link
  • NC-13945 [UI] Log Viewer link from widget window is not working
  • NC-13995 [VPN] VPN failover group stops retrying after a couple of minutes
  • NC-6589 [VPN] DHCP_V6A_IPSec connection not reconnected when changing IPv4 address of the same WAN interface
  • NC-14118 [WAF] SFM MR-2 cannot push web server configuration to SFv16 device
  • NC-11111 [Web] Captive Portal settings: unauthenticated user redirection does not work
  • NC-10629 [Wireless] wifiauth service dies
  • NC-13207 [Wireless] hostapd dies after updating RADIUS server in wireless global settings
  • NC-13340 [Wireless] Update Organisationally Unique Identifier (OUI) library
  • NC-13940 [Wireless] RED15w wireless is not detected
  • NC-14000 [Wireless] DHCP option 234 code missing in “editreddevice” opcode
  • NC-9469 [Wireless] WLAN interfaces are not shown in network configuration wizard if wireless network name contains ‘WLAN’

Patrizio