Hi XG Community!

We've finished SFOS v17.0.6 MR6. This release is available from within your device for all SFOS v17.0 installations as of now.

Besides that, the release is available to all SFOS version via MySophos portal.

Notes

On v16 to v17 update, SFOS does not set SHA2 truncation on custom IPSec policy. Please see https://community.sophos.com/kb/127867

Behavior change between SFOS v17.0 MR5 and v17.0 MR6 when IPsec connection using a hostname instead of an IP address. Please see https://community.sophos.com/kb/en-us/131814.

Issues Resolved

NC-26520 [Base System] Logviewer exceeds allotted diskspace

NC-26601 [Base System] validatePort didn't validate all used ports correctly

NC-25574 [IPsec] Upgrade to v17 failed when a policy with name 'IKEv2' was created before upgrade

NC-26694 [IPsec] High memory usage of charon

NC-27001 [IPsec] Unable to enable the fail-over group for IPSec

NC-27228 [IPsec] IPsec connection ref count sometimes wrong

NC-27276 [IPsec] IKEv2 connection not retried when receiving AUTH_FAILED

NC-27278 [IPsec] Display issue in IE11 for IPSec Connections - NAT

NC-27283 [IPsec] HA: Hard reset failover takes too long

NC-27333 [IPsec] HA: Connections not synced to aux when pushing connect button

NC-27384 [IPsec] Race condition in charon when 60s retry timeout and IKE_INIT occur close together

NC-27412 [IPsec] IPSec failover group shows 2 active connections

NC-27510 [IPsec] IKEv1: cannot handle more than 2 concurrent Quick Mode exchanges per IKE_SA

NC-27608 [IPsec] IPSec Profiles XML has no information for new added configuration

NC-27734 [IPsec] Unable to recreate the config using the same connection name in Cisco VPN connection after reset

NC-27916 [IPsec] CSC freezing sporadically & system goes unresponsive

NC-28090 [IPsec] Follow Up - VPN connection can't be established if the PSK is very long

NC-27240 [Mail Proxy] Unable to send emails due to auto routing to rcpt DNS in case of greylisting reply for MX

NC-27382 [Network Services] DHCP Relay didn't work after upgrade to SF v17 MR3

NC-26104 [Networking] Networkd dead in HA setup

NC-27488 [WAF] Mod_url_hardening stack corruption

Downloads

You can find the firmware for your appliance from in MySophos portal.