Hi XG Community!

We've finished SFOS v17.0.5 MR5. This release is available from within your device for all SFOS v17.0 installations as of now.

Besides that, the release is available to all SFOS version via MySophos portal.

Note: There are a few edge cases where some customers may still experience issues using multiple subnets with a single IPSec connection. The team is working on those and all the last known issues should be addressed in MR6 which is expected to follow very soon. Please follow this Sophos XG Firewall: Cannot handle more than 2 concurrent Quick Mode exchanges per IKE_SA when using IKEv1

Issues Resolved

NC-23258 [API] System debug logs should not contain sensitive information

NC-21429 [Authentication] Users don't show the correct properties from their group after auto-creation

NC-21820 [Authentication] Make Access Server port (6060) use IP_PKTINFO

NC-22770 [Authentication] User role cannot change to Administrator for AD Users

NC-22935 [Authentication] Users are unable to login with CAA

NC-27199 [Authentication] Access Server crashes with eDirectory

NC-20765 [Base System] If several SNMP communities exist with same name in XG, all are deleted if you delete one

NC-22276 [Base System] SNMP Walk delivering inconsistent information

NC-22323 [Base System] Garner fails to log when multiple threads call gr_io simultaneously

NC-23073 [Base System] iView v3 doesn't display any email usage data

NC-26730 [API, Base System] Unable to change admin password through API

NC-25793 [Clientless Access] File browser does not load if directory contains a hardlink

NC-25852 [Clientless Access] UI dialog doesn't reset after closing and reopen

NC-21823 [Authentication, Firewall] Live users only displaying 8192 users

NC-22738 [Firewall, Performance] Firewall page load time increases after adding firewall groups

NC-22878 [Firewall] Allow user to edit rule while double clicking on the rule

NC-23254 [Firewall] In TAP mode, management interface doesn't respond when same traffic is seen on TAP and MGMT

NC-25628 [Firewall] Appliance inaccessible after restoring backup file from 16.5 MR8 to 17 MR1

NC-25724 [Firewall] Special character "|" allowed in firewall rule name but then does not allow moving firewall rule within the group

NC-25965 [Firewall] Unable to delete a proxy-arp entry

NC-25970 [Framework(UI)] Change React.js to production mode in SFOS release builds

NC-23212 [HA] Wrong Dedicated Link value is displayed after saving HA Auxiliary configuration

NC-23077 [Hotspot] Changing hotspot customization type from Full to Basic or Basic to full, removes default voucher template

NC-26137 [Hotspot] Interfaces not listed correctly for hotspot configuration

NC-22572 [IPS] "Status" value is empty for IPS logs in log viewer

NC-26882 [IPS] User can not add IPS Policy Rules to SF with 'Smart Filter' option enabled in any IPS policy using SFM

NC-27230 [IPS] IPS service is in dead state

NC-23016 [IPsec] RSA connection not working without remote ID and remote gateway '*'

NC-26152 [IPsec] IKEv2 initiator does not try forever if rekeying tries = 0

NC-26338 [IPsec] VPN failover timeout takes too long

NC-26339 [IPsec] Remote access with IPsec/PSK can't be established

NC-26354 [IPsec] IPsec UP notifications are being sent even though the tunnel is UP for IKEv2

NC-26582 [IPsec] IPSec tunnel not reinitiated after PPPoE reconnect

NC-26634 [IPsec] Add validation message for PSK connections with remote '*'

NC-26888 [IPsec] UI - Hostname beginning with a number for VPN remote gateway address is not accepted

NC-26988 [IPsec] VPN connection can't be established if the PSK is very long

NC-26998 [IPsec] Webadmin is very slow after update to SF v17 MR3

NC-27030 [IPsec] System unresponsive after enabling non-establishing IPsec connections

NC-27255 [IPsec] 64 characters PSK gets truncated to 57 characters

NC-26100 [Logging] Typo in "Missing Heartbeat" in log viewer

NC-19417 [Mail Proxy] Emails have the banner as an attachment instead of inline in the message

NC-22816 [Mail Proxy] Unable to release quarantined emails - 'Bad Request' received

NC-23049 [Mail Proxy] "Release" link in quarantine digest not obeying configuration settings when SF in HA (A-A)

NC-25705 [Mail Proxy] Antivirus fails to start after downgrade from v17.0 MR2 to v16

NC-25808 [Mail Proxy] AwarrenMTA: few mails appear on queue after delivery (DB query fails due to special character)

NC-26061 [Mail Proxy] IP reputation check is skipped when clubbed with 'recipient verification' policy

NC-26750 [Mail Proxy] RBL scan should be skipped if IP address is in Allowed IP address list

NC-26773 [Mail Proxy] Incorrect values shown for disk utilization for SMTP quarantine

NC-21877 [Networking] Remove limit for static IP-MAC mapping in DHCP

NC-22792 [Networking] Full import export is failing due to specific invalid dhcp config

NC-25395 [Networking] Wrong port OUT marked while using of primary and secondary gateway

NC-23178 [nSXLd] URL categorization look up fails

NC-23206 [nSXLd] Unable to save domain info in customized web categories

NC-26080 [Reporting] "Internal Server Error" while accessing Web Admin

NC-25589 [SSLVPN] Username with '@' is not displayed correctly in SSL VPN Client

NC-22961 [Synchronized App Control] Add customized apps to the "categorized" widget in control center

NC-25309 [Synchronized App Control] Timestamps for last occurrence should not show seconds

NC-25950 [Synchronized App Control] Endpoint name is shown wrong after upgrade to MR-2

NC-25953 [Synchronized App Control] Normalized path is shown instead of filename after upgrade to MR-2

NC-22750 [UI] Control Center - text wrapped and appears on two lines in Japanese language

NC-26242 [UI] Web Server Protection >> General Settings tab is not displayed in some languages

NC-26340 [Up2date Client] Message "New firmware available for AP" shown on dashboard although version is already installed

NC-21760 [WAF] Ruleid is not set in case of HTTPS host mismatch

NC-25461 [WAF] Additional cookie from WAF is added without HttpOnly detail

NC-25633 [WAF] Unable to edit/save WAF rule

NC-18732 [IPS, Web] Load average is going high on CR300iNG with SFOS v16.5 & v17.0 GA

NC-22030 [Web] Policy tester does not allow multicast addresses in the URL

NC-22752 [Web] Range requests cannot download files larger than 2GB

NC-22993 [Web] TeamViewer not working after upgrading to 16.5 MR7

NC-23061 [Web] Content Filter details are not displayed with languages other than English

NC-23082 [Web] Garner segfault occurred in feedback channel plug-in

NC-25356 [Web] High memory utilization increasing daily on XG430

NC-25370 [Web] Web Proxy does not work correctly when application filter is set to "Synchronized App Control"

NC-25397 [Web] Logout option disappears from Captive Portal page

NC-25582 [Web] Range header in requests should not be validated when AV scanning is not required

NC-25771 [Web] Gmail: Email attachment upload failed with HTTPS scanning

NC-26352 [Web] Outlook cert error in explicit mode on dns failures

NC-25687 [Wireless] Built-in AP is not broadcasting unless it is configured in a separate zone

NC-26380 [Wireless] Wrong wireless AP status displayed in Control Center

Downloads

You can find the firmware for your appliance from in MySophos portal.