{"id":22316,"date":"2019-04-01T12:00:00","date_gmt":"2019-04-01T11:00:00","guid":{"rendered":"https:\/\/www.avanet.com\/blog\/sophos-firewall-os-sfos-update-v17-5-mr4-released\/"},"modified":"2022-07-22T14:45:43","modified_gmt":"2022-07-22T13:45:43","slug":"sophos-sfos-update-v17-5-mr4-released","status":"publish","type":"post","link":"https:\/\/www.avanet.com\/en\/blog\/sophos-sfos-update-v17-5-mr4-released\/","title":{"rendered":"Sophos Firewall OS (SFOS) update v17.5 – MR4 released"},"content":{"rendered":"\n

Sophos has released version 17.5 MR4 for Sophos Firewall OS (SFOS).<\/p>\n\n

Note<\/strong>: For more information on upgrading, see the following post: Upgrading SFOS firmware to Sophos Firewall<\/a>.<\/p>\n\n

Backup encryption<\/h2>\n\n

MR4 brings a feature to the XG that UTM users have known for years. The backups can now be encrypted. With a little effort, it was previously possible to read the admin password from an SFOS backup. Sophos says here that until now the configuration was encrypted with a common password that only Sophos knew. Therefore, in the past, we have tended to advise against sending backups via e-mail or uploading them to an FTP server.<\/p>\n\n

\n
\"Sophos<\/a><\/figure>\n<\/figure>\n\n

We recommend changing the admin password and creating a secure password so that configuration backups are encrypted in the future. After that, you can send the backups by e-mail or upload them to an FTP server with a clear conscience.<\/p>\n\n

Notifications<\/h2>\n\n

Email notifications on the XG are currently virtually non-existent. However, Sophos is working to ensure that these are improved in the future. With the new XG Firewall firmware there are now first improvements.<\/p>\n\n

\n
\"Sophos<\/a><\/figure>\n<\/figure>\n\n

Other small improvements<\/h2>\n\n
  • There is now an option to generate the application configuration file from the XG Firewall console and import it into GSuite. You can find it under Authentication > Services > “Download GSuite App Config”.<\/li>
  • GRE and RED interface support for PIM-SM added.<\/li>
  • Support for “DHE key exchange cipher suites” with HTTPS scanning.<\/li><\/ul>\n\n

    Bug fixes<\/h2>\n\n
    • NC-28883 [Authentication] Able to change group membership of backend users when authserver doesn’t exist anymore<\/li>
    • NC-38834 [Authentication] access_server service getting restarted due to heartbeat found dead<\/li>
    • NC-39735 [Authentication] User under an OU falls under OPEN GROUP upon authentication<\/li>
    • NC-40072 [Authentication] Not able to delete surfing quota profile, delete opcode search for accesspolicyid instead of surfingquotapolicyid<\/li>
    • NC-40945 [Authentication] Failed and successful logins at the same time<\/li>
    • NC-42329 [Authentication] Unable to upgrade from v17.1 MR4 to v17.5 GA<\/li>
    • NC-34479 [CSC] Virtual XG randomly rebooting – snort using up all swap<\/li>
    • NC-39990 [DHCP] When statically assigning an IP to a devices on multiple DHCP scopes, the gateway settings are pulled from the first one<\/li>
    • NC-34039 [Email] Websites are blocked by Sophos AV because of reason “Malware”.<\/li>
    • NC-38555 [Email] File Protection can’t block MIME type doc<\/li>
    • NC-38840 [Email] Unable to delete a particular email which was quarantined<\/li>
    • NC-40071 [Email] GUI option for offline relate on\/off for inbound mails<\/li>
    • NC-40131 [Email] Mail downloaded from error queue doesn’t get displayed properly in mail client<\/li>
    • NC-40364 [Email] Personal email exception manipulation by other authenticated users<\/li>
    • NC-40389 [Email] Mails released from spool get an incorrect firewall rule ID<\/li>
    • NC-40666 [Email] Coredump in mailscanner<\/li>
    • NC-41061 [Email] SPX encryption leads to “carriage return and line feed” in attachments<\/li>
    • NC-41574 [Email] SPF should get applied on inbound mail sent from protected domain to protected domain from internet<\/li>
    • NC-41862 [Email] Mail log on GUI does not show delivered mails<\/li>
    • NC-42409 [Email] Bounce back mail due to recipients having MX records which point directly to an IP<\/li>
    • NC-43353 [Email] smtpd behavior is different from 17.1 to 17.5 (without subscription)<\/li>
    • NC-43703 [Email] Warren service unable to load EC type CA certificate.<\/li>
    • NC-35350 [Firewall] PPPoE interface status remains in status “Connecting” for 2 hours<\/li>
    • NC-39522 [Firewall] Network protection options in setup wizard of XG are misleading<\/li>
    • NC-39605 [Firewall] Modifying one time schedules fails, if timer has already triggered<\/li>
    • NC-39907 [Firewall] API command to enable SpoofProtection is not working<\/li>
    • NC-40176 [Firewall] Firewall rule is listed in business application rule destination network objects<\/li>
    • NC-40622 [Firewall] Incomplete MAC address shown in Log Viewer<\/li>
    • NC-41316 [Firewall] Update country host DB<\/li>
    • NC-41389 [Firewall] HA – system doesn’t send out garp upon failover<\/li>
    • NC-41632 [Firewall] Business Rule – port translation not working as expected<\/li>
    • NC-41652 [Firewall] Unable to delete vlan interface – “Interface could not be deleted”.<\/li>
    • NC-42342 [Firewall] One time timers are executed before expected time<\/li>
    • NC-39813 [FQDN] Unable to use underscore in FQDN host creation<\/li>
    • NC-37771 [Hotspot] Duplicate vouchers in export files<\/li>
    • NC-38004 [Hotspot] Hotspot password of the day is not getting reflected into run time config<\/li>
    • NC-38120 [IPsec] L2TP over IPsec is sending keepalives forever<\/li>
    • NC-38746 [IPsec] S2S connection is not initiated after DHCPv6 interface update<\/li>
    • NC-39267 [IPsec] IE11: cannot create and update IPsec policy<\/li>
    • NC-41299 [IPsec] IPsec SA is updated with incorrect SA information<\/li>
    • NC-42099 [IPsec] Sophos Connect Client cannot connect to Sophos Connect Client policy using digital certificates<\/li>
    • NC-42290 [Licensing] Additional CPU cores not detected in v17.5 after license upgrade (NC-26328)<\/li>
    • NC-40282 [Logging Framework] High CPU usage from garner \/ active.db grows continuously<\/li>
    • NC-34323 [RED] HA active-active routing issue over RED S2S tunnel<\/li>
    • NC-42159 [RED] Validation of provisioning file failed<\/li>
    • NC-40444 [RED_Firmware] Tunnel compression does not work<\/li>
    • NC-38899 [Reporting] Scheduled custom mail reports received via email does not show the mail size<\/li>
    • NC-40303 [Reporting] Log Viewer is not loading new logs after screen unlock<\/li>
    • NC-40983 [Reporting] Follow-up for NC-26459: Reports for “Traffic Insight” not shown on dashboard<\/li>
    • NC-41788 [Reporting] Unable to upload custom logo<\/li>
    • NC-41232 [SecurityHeartbeat] Heartbeat status on XG showing “at risk” instead of “green”.<\/li>
    • NC-36776 [Synchronized App Control] New Apps number doesn’t match the displayed list entries<\/li>
    • NC-37423 [Synchronized App Control] SAC Tab fails to load for high number of EPs and APPs<\/li>
    • NC-37815 [UI Framework] Guest User expiration is not correctly ordered<\/li>
    • NC-40158 [WAF] Disable TLS session tickets<\/li>
    • NC-34088 [Web] Application control shows blocked applications when they are not blocked<\/li>
    • NC-38892 [Web] Inappropriate description in web category for “Society & Culture”.<\/li>
    • NC-39517 [Web] Webfilter memory usage is growing over time and not going down<\/li>
    • NC-39817 [Web] Application filtering using “Smart Filter” filter disappear randomly<\/li>
    • NC-40265 [Web] Unable to run web policy test for generic top level domains<\/li>
    • NC-40503 [Web] Web filter policies not getting updated after CR to SFOS migration<\/li>
    • NC-42264 [Web] Garner on Aux node dead after upgrade to v17.5<\/li>
    • NC-43056 [Web] Policy tester activities shows junk characters in result with file download is blocked<\/li>
    • NC-38368 [Wireless] APs randomly going to INACTIVE STATE<\/li>
    • NC-38868 [Wireless] Time based scan with DCS is not showing after configuration for 5.0Ghz<\/li>
    • NC-39840 [Wireless] Wireless interface going to UNPLUGGED STATE<\/li>
    • NC-39986 [Wireless] 5 Ghz band is not available in AP setting while country set to Qatar<\/li>
    • NC-40091 [Wireless] Disable TCP Segmentation Offload for separate zone interface<\/li>
    • NC-38085 [WWAN] Unable to detect 4G USB Modem D-Link DWM-222 A1 on XG 125 and XG 85 with HW Rev.3<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"

      Sophos has released version 17.5 MR4 for Sophos Firewall OS (SFOS). Note: For more information on upgrading, see the following post: Upgrading SFOS firmware to Sophos Firewall. Backup encryption MR4 brings a feature to the XG that UTM users have known for years. The backups can now be encrypted. With a little effort, it was […]<\/p>\n","protected":false},"author":5,"featured_media":21299,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[277],"tags":[],"class_list":["post-22316","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"blocksy_meta":[],"acf":[],"_links":{"self":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts\/22316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/comments?post=22316"}],"version-history":[{"count":0,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/posts\/22316\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media\/21299"}],"wp:attachment":[{"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/media?parent=22316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/categories?post=22316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.avanet.com\/en\/wp-json\/wp\/v2\/tags?post=22316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}