Hi XG Community!

We've released SFOS v17.5.9 MR9 for the Sophos XG Firewall. Initially, the firmware will be available by manual download from the Licensing Portal. We then make the firmware available via auto-update to a number of customers, which will increase over time.

Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.

Issues Resolved

NC-45755 [Authentication] Delayed/timeout for login when users authenticated remotely

NC-46473 [Authentication] Constant login/logout of users

NC-46591 [Authentication] Guest user registration is not working if username is not based on cell number

NC-47038 [Authentication] Password complexity alert on dashboard remains after setting strong password

NC-47933 [Authentication] Chromebook log files not rotating

NC-49930 [Authentication] Access server service is restarting with coredump

NC-49677 [Backup-Restore] tmp partition gets full with backup intended for Central synchronization

NC-46118 [CSC] Not possible to edit business application rule

NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly "No. of records Zero."

NC-47884 [Email] Mail notification stops working after migrating from CROS to SFOS

NC-48092 [Email] IPReputation Service shows as stopped on dashboard when Email and WAF module not subscribed

NC-50528 [Email] Patch Exim (CVE-2019-15846)

NC-47512 [Firewall] IP-list in DNAT rule does not work if service object contains TCP & UDP port combination

NC-48803 [Firewall] Virtual Host update is calling on every FQDN IP update even its not used in virtual host configuration

NC-50222 [Firewall] Firewall rule position display is incorrect on rule deletion

NC-51079 [Firewall] Invalid traffic config takes effect only after reboot - Garner flooded with firewall dropping events

NC-51181 [Firewall] Invalid messagid(0) log being sent to garner from pktcapd

NC-50191 [Firmware Management] Device rebooting continuously while boot with SFOS firmware version after migration from CROS

NC-51607 [Firmware Management] Smaller devices in HA are not able to migrate to v18.0

NC-47546 [HA] Delay in routing traffic during HA failover when interfaces without an IP address are configured

NC-50786 [Interface Management] Webadmin Interface page with lots of devices stops loading after 7 minutes

NC-46908 [IPS Engine] IPS double free or corruption (!prev): 0x000000000a9c69e0

NC-45317 [IPsec] Overload protection for IPsec IKE daemon

NC-46550 [L2TP] L2TP disconnects after rekey and doesn't reconnect

NC-44124 [Licensing] Registration page shows up in HA setup after upgrading to 17.5 to 17.5 MR1

NC-33302 [Logging Framework] HttpProxy Dead-Epoll worker coredump

NC-47183 [Logging Framework] Reports in Control Center shown with delay

NC-48106 [Logging Framework] XG85 - /tmp partition fills up

NC-50024 [Logging Framework] Improper input validation in email notification after failed login (Webadmin, SSH, ...)

NC-50127 [Logging Framework] Garner coredump in HA setup at handle_sync_input

NC-50493 [Logging Framework] S2S IPsec logging in LogViewer is inconsistent

NC-49273 [Reporting] Filtering on blocked user activities not working as expected

NC-47823 [SecurityHeartbeat] heartbeatd libssl segfaults

NC-48453 [SecurityHeartbeat] When heartbeat switch is toggled, in UI SAC switch is not updated

NC-49791 [SecurityHeartbeat] Heartbeat status not behaving as expected when the client machine has multiple IPs

NC-49852 [SFM-SCFM] SSH got exposed on XG after new firewall rule is pushed from SFM

NC-43977 [UI Framework] Incorrect message shown after disabling/enabling any device access services in Central Firewall UI

NC-30827 [WAF] Double quotes in site path rules breaks WAF when reverse authentication is used

NC-49251 [WAF] Newly created duplicate WAF policy not taking precedence

NC-49777 [WAF] Frontend realm and cookie secret not unique for default authentication profiles

NC-49906 [WAF] Limited cross-site scripting in mod_proxy (CVE-2019-10092)

NC-50172 [Web] Conform to Apple's new certificate requirements (awarrenhttp)

NC-47617 [Wireless] API - 'update' operation does not work

NC-47975 [Wireless] Remove/Disable simplified bridge does not work

NC-48628 [Wireless] TX/RX UI values are mixed up for 2.4Ghz network

Download

To manually install the upgrade, you can download the firmware from the Licensing Portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.