Sophos XG Update v18.0 GA Build 321 – uitgebracht

Sophos heeft de versie 18.0 GA van Sophos Firewall OS (SFOS) uitgebracht. De nieuwe firmware is per direct te downloaden via het MySophos‑portaal.

Alle vernieuwingen zijn al uitgebreid beschreven in een apart artikel: Sophos SFOS v18: nieuwe functies in één oogopslag

In de komende dagen verschijnt de nieuwe firmware ook automatisch in de WebAdmin van de firewall en kan deze met enkele klikken worden geïnstalleerd.*

Opmerking: voor meer informatie over de upgrade is het de moeite waard om te kijken naar SFOS-firmware op Sophos Firewall bijwerken.

Opmerking: deze upgrade naar v18 is niet voor elk hardwaremodel beschikbaar. In de blogpost Sophos Firewall Appliances – Ondersteunde hardware voor SFOS v18+ staat beschreven welke firewalls compatibel zijn.

*Alleen omgevingen met actieve Sophos Enhanced Support profiteren van deze handigere methode. Enhanced Support is inbegrepen in alle bundels (EnterpriseProtect, EnterpriseGuard, TotalProtect, FullGuard), maar kan ook afzonderlijk worden afgenomen.

Bugfixes

• NC-33664 [App Signature] Unable to block Psiphon
• NC-42675 [Authentication] access_server returns ‘Login Failed’ if two awarrenhttp threads call in at same time
• NC-44686 [Authentication] Import/export of AUTHCTA has missing and incorrect values
• NC-48116 [Authentication] Importing users via csv file with special character in password fails
• NC-50521 [Authentication] User group assignment issue with LDAP users
• NC-54642 [Authentication] Authentication not working due to high CPU utilization of access_server
• NC-50136 [Backup-Restore] ISP failover for 2 PPPoE connections is not working for local LAN systems
• NC-51979 [Backup-Restore] Can’t reflect time zone from restoring backup file after factory resetting
• NC-32336 [Base System (deprecated)] gpg vulnerability (CVE-2018-12020)
• NC-42490 [Base System (deprecated)] Validation function for legacy objects does not get called
• NC-55640 [Bridge] Firewall rule id not matching if traffic is going into wifi interface
• NC-45935 [Certificates] Fingerprint not updated on Default CA regenerate event
• NC-49023 [Certificates] Webproxy signing with non default certificate when using HTTPS Scanning
• NC-54562 [Certificates] CAs are missing after update from v18 EAP2 to EAP3
• NC-29869 [Clientless Access(HTTP/HTTPS)] “Internal Server Error” after adding many VPN bookmarks
• NC-48516 [Config Migration Framework] Configuration migration log on console is wrong in case of failed migration
• NC-55270 [Config Migration Framework] Report migration failed
• NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly “No. of records Zero.”
• NC-52857 [CSC] One time scheduler doesn’t work as expected in case of DST
• NC-51717 [DDNS, Email] DDNS uses wrong IP when interface is configured with PPPoE + Alias
• NC-38763 [DHCP] IP not leased to DHCP only interface when update from stateless
• NC-38795 [DHCP] IPv6 not removed from DB while disable DHCPv6 manage flags from RA server
• NC-38930 [DHCP] Editing DHCPv6 Prefix range not working as expected
• NC-51470 [DHCP] DHCPv6 service down after traffic is loaded and port delegated
• NC-20717 [DNS] DNS Probe status not shown in GUI
• NC-28655 [DNS] DNS_PROBE_FINISHED_NXDOMAIN after upgrading to v16.05.1 MR-1 and newer
• NC-50500 [DNS] Router advertisement of DNS will respect DDNS name
• NC-49210 [DPI] DPI engine coverity issue
• NC-53035 [DPI] Decreased throughput on system with multiple HA failovers
• NC-35077 [DPI] Server protection doesn’t work while using DPI
• NC-44643 [Email] Control Center page still shows email alerts reminder after MST is configured
• NC-28521 [Email] Email alerts do not mention virtual MAC address in HA deployments
• NC-46934 [Email] Email alerts for shaping policy is generated with not configured email id
• NC-27201 [Email] Email alerts for HA node down are not sent when the active node goes down
• NC-49140 [Email] Email alert reTagging
• NC-49391 [Email] XG sends multiple email notifications for the same event
• NC-49869 [Email] Email alert: “My account has been used elsewhere” not sent when local admin account is logged in via CLI
• NC-53706 [Email] Email alerts not sent on “service” event type
• NC-29689 [Endpoint] Security Heartbeat status is “Disabled” if firewall name resolves a CNAME instead of IP
• NC-53913 [Endpoint] New registered endpoints show HA node 1s address as connected IP instead of node 2 for new newXG-SCH-EAP-1 appliances
• NC-52472 [Endpoint] Gateway user filter changed
• NC-46227 [Endpoint] Krb_srv_tab entry missing when enabling SSO for a zone where STAS is already configured
• NC-51756 [Endpoint] XG V18 MSATP C2 Server update and enabled by default only for XG V18
• NC-40400 [FQDN] Kaspersky update blocked via policy using FQDN details
• NC-47052 [FQDN] If there are many FQDNs which point to same IP, only one name is resolved by XG
• NC-54214 [FQDN] First FQDN HOST is not resolving in list
• NC-22192 [GUI] Hovering mouse pointer over the DDNS configuration does not show DDNS hostname in popup box
• NC-35673 [GUI] Sorting doesn’t work for Download and Upload column
• NC-38427 [GUI] SSID password displayed in clear text
• NC-40747 [GUI] Hyperlinks to Sophos web links are invalid
• NC-41703 [GUI] Notification status not getting updated on clicking “Mark as Read”
• NC-47458 [GUI] Clicking on “Live Connect” for custom admin profiles cause endless loading
• NC-47664 [GUI] Wildcard FQDN changes to mixed case on edit
• NC-48435 [GUI] Wrong alignment of controls in AWAF profile
• NC-49201 [GUI] Firewall page showing error message when export to PDF option in Download report is selected from diagnostics page
• NC-51056 [GUI] GUI allows creating new host with IP and CIDR in the name
• NC-51967 [GUI] Live User display the message “no data found” while search by filter option
• NC-51983 [GUI] Firmware upload progress and status is not showing upload successful message
• NC-52119 [GUI] Strange behaviour with HTTP bookmarks in User Portal
• NC-52127 [GUI] DHCP log in Log Viewer is not translated
• NC-52986 [GUI] Korean language translation for configurable logo text in user portal page is showing wrong message
• NC-54123 [GUI] Causes browser hang while accessing certificate tree page in Firefox
• NC-41652 [HA] When HA is configured, Live Connection display is blank
• NC-41708 [HA] HA is not disconnected immediately when all ports are configured as monitored
• NC-47040 [HA] HA enabled firewall will not be connected with SFM
• NC-52579 [HA] “Run Diagnostics Tests” shows wrong status of AUX port
• NC-52869 [HA] HA wizard doesn’t show popup if current device is in HA disabled state
• NC-52923 [HA] HA is not supported when CM is controlling the firewall
• NC-53805 [HA] GUI page hangs after interface expansion in HA deployment
• NC-53811 [HA] Backups are still being synchronized to CM even after HA configuration has been removed
• NC-54306 [HA] APs not showing under Access Point section on passive appliance
• NC-20177 [IPSec_Advanced_VPN] UDP flood XG randomly sending ICMP port unreachable on VPN traffic
• NC-33708 [IPSec_Advanced_VPN] IPsec configured on the bridge is not working
• NC-52217 [IPSec_Advanced_VPN] Missing messages in the IPsec logs
• NC-50475 [IPSec_Advanced_VPN] Static route is not coming up after saving IPsec policy in HA A-A
• NC-34468 [IPsec_PolicyBased_VPN] IPsec tunnel ignoring the enabled / disabled state
• NC-48430 [IPsec_PolicyBased_VPN] FQDN should not be allowed for local IPsec policy
• NC-49540 [IPsec_PolicyBased_VPN] Child SA not getting updated for IPsec tunnel when phase1-src-dynamic check is off
• NC-51352 [NTP] NTP does not appear to work after enabling “Use pre-defined NTP server” option
• NC-41473 [MTA] Mails delivered after switching from MTA to legacy mode
• NC-37495 [Protection Policy] Inbound drop box received email can not be released
• NC-44248 [Protection Policy] “Detected IP” showing wrong IP sometimes on already listed spam email in inbound spam report
• NC-54277 [RBAC] “Security policy” tab is displayed in the navigation bar of firewall rules for policy admin
• NC-31723 [RED S2S] RED interface subnet and IP details purged
• NC-51746 [RED S2S] After cold swap of XG, RED tunnels are not getting connected
• NC-52086 [RED S2S] Wrong RED device is getting connected
• NC-53301 [RED S2S] S2S RED SSL VPN gets disconnected after upgrade from EAP2 to EAP3
• NC-32680 [REST API] Changing rest_api_UI_port doesn’t effect where firewall responds on
• NC-47128 [UI Framework] No popup seen while deleting user assigned as owner of a managed internet connection
• NC-48373 [UI Framework] Browser: Firefox - Top menu icons hover over tabs in show web activity dialog
• NC-49583 [UI Framework] ListView performance issue for remote access VPN Firewall rules
• NC-50244 [UI Framework] Access denied for SSL/VPN user if saving SSL/VPN settings without changing anything
• NC-50827 [UI Framework] Folder and group search in FileChooserControl does not work when path contains backslash
• NC-51274 [UI Framework] Missing translation for VPN directional rule in german language
• NC-51277 [UI Framework] Exported report’s last modified timestamp is not translated
• NC-52793 [UI Framework] Online help does not work with SSL/TLS inspection exceptions page
• NC-53346 [UI Framework] Chrome shows malicious web page warning when accessing XG firewall over HTTPS
• NC-53532 [UI Framework] Wrong SSL Lab rating while DMZ zone uses WAF in place of user portal
• NC-53810 [UI Framework] Custom (application filter) in firewall rules tree is not showing localization text
• NC-54827 [UI Framework] Logviewer search result is not matching with “Search Text”
• NC-55514 [UI Framework] Online help link does not return focus to correct window

Meer informatie

• Wat is er nieuw in v18