Saltar para o conteudo
Avanet
Sophos XG Update v18.0 GA Build 321 – lançado

Sophos XG Update v18.0 GA Build 321 – lançado

18. FEVEREIRO 2020

A Sophos lançou a versão 18.0 GA do Sophos Firewall OS (SFOS). O novo firmware pode ser descarregado de imediato a partir do portal MySophos.

Todas as novidades já foram descritas em pormenor num artigo separado: Sophos SFOS v18: novas funcionalidades em destaque

Nos próximos dias, o novo firmware passará também a ser apresentado automaticamente no WebAdmin do firewall, podendo ser instalado com apenas alguns cliques.*

Nota: para mais informações sobre o processo de actualização, vale a pena consultar Actualizar o firmware SFOS no Sophos Firewall.

Nota: esta actualização para a v18 não está disponível para todos os modelos de hardware. No artigo Appliances Sophos Firewall – hardware suportado para SFOS v18+ é explicado que firewalls são compatíveis.

*Desta forma mais cómoda de actualização beneficiam apenas ambientes com Enhanced Support activo da Sophos. O Enhanced Support está incluído em todos os bundles (EnterpriseProtect, EnterpriseGuard, TotalProtect, FullGuard), mas pode também ser adquirido separadamente.

Correcções

  • NC-33664 [App Signature] Unable to block Psiphon
  • NC-42675 [Authentication] access_server returns ‘Login Failed’ if two awarrenhttp threads call in at same time
  • NC-44686 [Authentication] Import/export of AUTHCTA has missing and incorrect values
  • NC-48116 [Authentication] Importing users via csv file with special character in password fails
  • NC-50521 [Authentication] User group assignment issue with LDAP users
  • NC-54642 [Authentication] Authentication not working due to high CPU utilization of access_server
  • NC-50136 [Backup-Restore] ISP failover for 2 PPPoE connections is not working for local LAN systems
  • NC-51979 [Backup-Restore] Can’t reflect time zone from restoring backup file after factory resetting
  • NC-32336 [Base System (deprecated)] gpg vulnerability (CVE-2018-12020)
  • NC-42490 [Base System (deprecated)] Validation function for legacy objects does not get called
  • NC-55640 [Bridge] Firewall rule id not matching if traffic is going into wifi interface
  • NC-45935 [Certificates] Fingerprint not updated on Default CA regenerate event
  • NC-49023 [Certificates] Webproxy signing with non default certificate when using HTTPS Scanning
  • NC-54562 [Certificates] CAs are missing after update from v18 EAP2 to EAP3
  • NC-29869 [Clientless Access(HTTP/HTTPS)] “Internal Server Error” after adding many VPN bookmarks
  • NC-48516 [Config Migration Framework] Configuration migration log on console is wrong in case of failed migration
  • NC-55270 [Config Migration Framework] Report migration failed
  • NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly “No. of records Zero.”
  • NC-52857 [CSC] One time scheduler doesn’t work as expected in case of DST
  • NC-51717 [DDNS, Email] DDNS uses wrong IP when interface is configured with PPPoE + Alias
  • NC-38763 [DHCP] IP not leased to DHCP only interface when update from stateless
  • NC-38795 [DHCP] IPv6 not removed from DB while disable DHCPv6 manage flags from RA server
  • NC-38930 [DHCP] Editing DHCPv6 Prefix range not working as expected
  • NC-51470 [DHCP] DHCPv6 service down after traffic is loaded and port delegated
  • NC-20717 [DNS] DNS Probe status not shown in GUI
  • NC-28655 [DNS] DNS_PROBE_FINISHED_NXDOMAIN after upgrading to v16.05.1 MR-1 and newer
  • NC-50500 [DNS] Router advertisement of DNS will respect DDNS name
  • NC-49210 [DPI] DPI engine coverity issue
  • NC-53035 [DPI] Decreased throughput on system with multiple HA failovers
  • NC-35077 [DPI] Server protection doesn’t work while using DPI
  • NC-44643 [Email] Control Center page still shows email alerts reminder after MST is configured
  • NC-28521 [Email] Email alerts do not mention virtual MAC address in HA deployments
  • NC-46934 [Email] Email alerts for shaping policy is generated with not configured email id
  • NC-27201 [Email] Email alerts for HA node down are not sent when the active node goes down
  • NC-49140 [Email] Email alert reTagging
  • NC-49391 [Email] XG sends multiple email notifications for the same event
  • NC-49869 [Email] Email alert: “My account has been used elsewhere” not sent when local admin account is logged in via CLI
  • NC-53706 [Email] Email alerts not sent on “service” event type
  • NC-29689 [Endpoint] Security Heartbeat status is “Disabled” if firewall name resolves a CNAME instead of IP
  • NC-53913 [Endpoint] New registered endpoints show HA node 1s address as connected IP instead of node 2 for new newXG-SCH-EAP-1 appliances
  • NC-52472 [Endpoint] Gateway user filter changed
  • NC-46227 [Endpoint] Krb_srv_tab entry missing when enabling SSO for a zone where STAS is already configured
  • NC-51756 [Endpoint] XG V18 MSATP C2 Server update and enabled by default only for XG V18
  • NC-40400 [FQDN] Kaspersky update blocked via policy using FQDN details
  • NC-47052 [FQDN] If there are many FQDNs which point to same IP, only one name is resolved by XG
  • NC-54214 [FQDN] First FQDN HOST is not resolving in list
  • NC-22192 [GUI] Hovering mouse pointer over the DDNS configuration does not show DDNS hostname in popup box
  • NC-35673 [GUI] Sorting doesn’t work for Download and Upload column
  • NC-38427 [GUI] SSID password displayed in clear text
  • NC-40747 [GUI] Hyperlinks to Sophos web links are invalid
  • NC-41703 [GUI] Notification status not getting updated on clicking “Mark as Read”
  • NC-47458 [GUI] Clicking on “Live Connect” for custom admin profiles cause endless loading
  • NC-47664 [GUI] Wildcard FQDN changes to mixed case on edit
  • NC-48435 [GUI] Wrong alignment of controls in AWAF profile
  • NC-49201 [GUI] Firewall page showing error message when export to PDF option in Download report is selected from diagnostics page
  • NC-51056 [GUI] GUI allows creating new host with IP and CIDR in the name
  • NC-51967 [GUI] Live User display the message “no data found” while search by filter option
  • NC-51983 [GUI] Firmware upload progress and status is not showing upload successful message
  • NC-52119 [GUI] Strange behaviour with HTTP bookmarks in User Portal
  • NC-52127 [GUI] DHCP log in Log Viewer is not translated
  • NC-52986 [GUI] Korean language translation for configurable logo text in user portal page is showing wrong message
  • NC-54123 [GUI] Causes browser hang while accessing certificate tree page in Firefox
  • NC-41652 [HA] When HA is configured, Live Connection display is blank
  • NC-41708 [HA] HA is not disconnected immediately when all ports are configured as monitored
  • NC-47040 [HA] HA enabled firewall will not be connected with SFM
  • NC-52579 [HA] “Run Diagnostics Tests” shows wrong status of AUX port
  • NC-52869 [HA] HA wizard doesn’t show popup if current device is in HA disabled state
  • NC-52923 [HA] HA is not supported when CM is controlling the firewall
  • NC-53805 [HA] GUI page hangs after interface expansion in HA deployment
  • NC-53811 [HA] Backups are still being synchronized to CM even after HA configuration has been removed
  • NC-54306 [HA] APs not showing under Access Point section on passive appliance
  • NC-20177 [IPSec_Advanced_VPN] UDP flood XG randomly sending ICMP port unreachable on VPN traffic
  • NC-33708 [IPSec_Advanced_VPN] IPsec configured on the bridge is not working
  • NC-52217 [IPSec_Advanced_VPN] Missing messages in the IPsec logs
  • NC-50475 [IPSec_Advanced_VPN] Static route is not coming up after saving IPsec policy in HA A-A
  • NC-34468 [IPsec_PolicyBased_VPN] IPsec tunnel ignoring the enabled / disabled state
  • NC-48430 [IPsec_PolicyBased_VPN] FQDN should not be allowed for local IPsec policy
  • NC-49540 [IPsec_PolicyBased_VPN] Child SA not getting updated for IPsec tunnel when phase1-src-dynamic check is off
  • NC-51352 [NTP] NTP does not appear to work after enabling “Use pre-defined NTP server” option
  • NC-41473 [MTA] Mails delivered after switching from MTA to legacy mode
  • NC-37495 [Protection Policy] Inbound drop box received email can not be released
  • NC-44248 [Protection Policy] “Detected IP” showing wrong IP sometimes on already listed spam email in inbound spam report
  • NC-54277 [RBAC] “Security policy” tab is displayed in the navigation bar of firewall rules for policy admin
  • NC-31723 [RED S2S] RED interface subnet and IP details purged
  • NC-51746 [RED S2S] After cold swap of XG, RED tunnels are not getting connected
  • NC-52086 [RED S2S] Wrong RED device is getting connected
  • NC-53301 [RED S2S] S2S RED SSL VPN gets disconnected after upgrade from EAP2 to EAP3
  • NC-32680 [REST API] Changing rest_api_UI_port doesn’t effect where firewall responds on
  • NC-47128 [UI Framework] No popup seen while deleting user assigned as owner of a managed internet connection
  • NC-48373 [UI Framework] Browser: Firefox - Top menu icons hover over tabs in show web activity dialog
  • NC-49583 [UI Framework] ListView performance issue for remote access VPN Firewall rules
  • NC-50244 [UI Framework] Access denied for SSL/VPN user if saving SSL/VPN settings without changing anything
  • NC-50827 [UI Framework] Folder and group search in FileChooserControl does not work when path contains backslash
  • NC-51274 [UI Framework] Missing translation for VPN directional rule in german language
  • NC-51277 [UI Framework] Exported report’s last modified timestamp is not translated
  • NC-52793 [UI Framework] Online help does not work with SSL/TLS inspection exceptions page
  • NC-53346 [UI Framework] Chrome shows malicious web page warning when accessing XG firewall over HTTPS
  • NC-53532 [UI Framework] Wrong SSL Lab rating while DMZ zone uses WAF in place of user portal
  • NC-53810 [UI Framework] Custom (application filter) in firewall rules tree is not showing localization text
  • NC-54827 [UI Framework] Logviewer search result is not matching with “Search Text”
  • NC-55514 [UI Framework] Online help link does not return focus to correct window

Mais informações

Patrizio

Patrizio

Patrizio e um especialista de redes experiente, focado em firewalls Sophos, switches e pontos de acesso. Apoia clientes e equipas de TI na configuracao, na migracao e numa segmentacao de rede limpa.