Hi XG Community!

We've finished SFOS v17.0.8 MR8. This release is available in stages. In first stage it will be available at MySophos. We then start with a small amount of slots for v17.0 and will increase those over time. Later it will be available to v16.05 installations as well.

Update: SFOS v17.0.8 MR8 is now available to all SFOS installations. It's also available via SFM/CFM.

Notes

On v16 to v17 update, SFOS does not set SHA2 truncation on custom IPSec policy. Please see https://community.sophos.com/kb/127867

Issues Resolved

NC-27996 [Authentication] access_server coredump results in users getting logged out

NC-29485 [Authentication] access_server coredumps and restartings

NC-28033 [Base System] Packet capture and connection list issue

NC-28566 [Base System] Garner service restarts

NC-27214 [Firewall] IPsec NAT chain for all VPN tunnels gets removed if only one tunnel goes down

NC-29243 [Framework(UI)] Subnet creation is broken for IE11

NC-26151 [IPsec] IPsec connections can't always be disabled on first try

NC-27034 [IPsec] IKE packets lost when routed over the HA link

NC-28076 [IPsec] IPsec detail view has a mismatch for tunnel status

NC-28558 [IPsec] 'UP' Email notifications are not sent when the IPsec tunnels come up again within 1 second

NC-28577 [IPsec] Two IKEs for the same connections leads to a lot REKEYED connection on responder

NC-28795 [IPsec] Strongswan service is stuck in CSC for HA pair

NC-28850 [IPsec] IPsec Connection UI page hangs

NC-28857 [IPsec] PFS is shown as enabled in GUI although it is disabled in policy

NC-28909 [IPsec] Coredump generated for charon due to segmentation fault

NC-29043 [IPsec] CSC hangs - system becomes unresponsive

NC-29129 [IPsec] IPsec connection is not reestablished after PPPoE reconnect

NC-29242 [IPsec] Cannot configure VPNs using IE11

NC-29254 [IPsec] Random route deletion in IPsec with DGD

NC-29378 [IPsec] vpnconn_all_status_update takes continuously high cpu when IPsec VPN manage page stays open

NC-29834 [IPsec] Multiple IKE_SAs in CONNECTING state for the same config when peer does not respond

NC-29936 [IPsec] vpnconn_all_status_update can overload the system

NC-29995 [IPsec] IPsec paketfilter rules missing after DGD failback

NC-30192 [IPsec] IPsec S2S connection not initiated after DHCP interface update

NC-28106 [RED] RED tunnel disconnects every 24h

NC-29465 [Reporting] Not able to send mail digest - due to PG connections full

Downloads

You can find the firmware for your appliance from in MySophos portal.