Hi XG Community!

We've finished SFM v17.0.0 GA. This release is available from within your device for all SFM installations as of now.

Beside that, the release is available via MySophos portal.

What's New

Synchronised Application Control

SFM now has a Synchronised Application Control global summary page showing Apps detected by each Firewalls.

Firewall Rule improvements

The Firewall Rule creation supports the Service widget in Business Rules. The Firewall Rules view page is in sync with new slim look with rule details shown up upon mouse hover.

IKEv2 for IPSec

IPSec VPN configuration now has IKEv2 key exchange in general settings. The VPN wizard in SFM is updated to include IKEv2.

IPS UX improvements

The SFOS v17 enhancement in IPS is adopted on the UI of SFM. Now one can add IPS Policy Rules using the new Smart Filter.

PUA

Potentially Unwanted Applications blocking can be enabled, and Authorized PUAs can be added under general settings of Web menu.

Application Filter UX improvements

All the SFOS v17 enhancement in Application Filter is adopted on the UI of SFM. Now one can add App filter policy using Smart Filter.

Policy Test Tool

SFM v17 allows one to test firewall rules or web policy at a device level.

Email improvements

SFM v17 now carries all Email UX improvements and configuration enhancements like Adding of Grey listing support for MTA, Recipient verification call out and Smart host for outbound mail forwarding.

WAF enhancement

SFM v17 now has the TLS version settings under Web server aiding in creating Web Application Firewall rules complying with the latest TLS v1.2 version.

Wild card FQDN

The SFOS v17 Wildcard FQDN support is extended to SFM, helping in creating new or existing pre-populated FQDN hosts and use it in Firewall and Policy Route.

Log viewer

Log viewer in SFM v17 now supports the Standard view of SFOS v17.

Issues Resolved

NCCC-5338 [SCFM] Username overlaps into entity column in event viewer

NCCC-5517 [SF Compatibility] Log Component "GUI" is not available in filter option

NCCC-5518 [SF Compatibility] Compatibility v17: VPN IPSec connection are not pushed from group level and showing error related to "Certificate" although selection was "Preshared Key"

NCCC-5522 [SF Compatibility] Compatibility v17: Service not pushed for User/Network Rule

NCCC-5123 [SFM] SFM shows red state icon for SSL VPN (Site to Site)

NCCC-5335 [SFM] Use TLS 1.2 for WebAdmin

NCCC-5337 [SFM] IPS signatures aren't the same in SFM and SFOS

NCCC-5344 [SFM] GUI not accessible if password has "\"

NCCC-5490 [SFM] Can not delete device from SFM

NCCC-5498 [SFM] Firewall rules showing up "0" in template when importing configuration into template in SFM

NCCC-5858 [SFM] Import Template - missing configuration

NCCC-5890 [SFM] Update documentation about authentication server section

NCCC-5894 [SFM] SFM restore fails

NCCC-5973 [SFM] Input Value length exceeds limit: Password Length

NCCC-6176 [SFM] Unable to add template using import template configuration option due to template compatibility is not downloaded automatically

NCCC-5164 [SFM-SCFM] Country host synchronization fails

NCCC-5239 [SFM-SCFM] Unable to register Security Heartbeat configuration to more than one SF device from SFM group level

NCCC-5241 [SFM-SCFM] Unable to create Custom Group if user select multiple firmware (more than 10) in group criteria

NCCC-5243 [SFM-SCFM] E-mail alerts have incorrect time within the email body

NCCC-5245 [SFM-SCFM] Content Distribution port change does not apply on SF devices

NCCC-5252 [SFM-SCFM] Labels on URL group's manage/edit page mismatched with SF URL group's page

NCCC-5253 [SFM-SCFM] Web Protection Exception: User cannot deselect 'Malware Scanning' action on the update event of any exception

NCCC-5254 [SFM-SCFM] Web Protection Exception: 'Selection Criteria' filter do not working properly

NCCC-5257 [SFM-SCFM] Traffic Shaping Default: UI differs between SFM and SF

NCCC-5261 [SFM-SCFM] Web Policy UI looks weird on device level

NCCC-5272 [SFM-SCFM] No validation message on UI for IPSec connections

NCCC-5273 [SFM-SCFM] Wireless Networks: Show warning message about reduced security when selecting 'TKIP encryption' as encryption method

NCCC-5275 [SFM-SCFM] Not able to update VPN wizard when added select device name contains space in name

NCCC-5279 [SFM-SCFM] Rogue AP Scan: Junk characters displayed as "Entity Name" for the update event of Rogue AP Scan > General Settings

NCCC-5284 [SFM-SCFM] SSL VPN authentication methods section is misplaced in SFM

NCCC-5291 [SFM-SCFM] SSL VPN Remote Access cannot be saved without override global timeout

NCCC-5293 [SFM-SCFM] GUI not accessible when using a certificate with a space in its name

NCCC-5322 [SFM-SCFM] Web Protection can not be updated

NCCC-5326 [SFM-SCFM] SMTP Policy: User have to select RBL service even if 'Spam Protection' section is disabled.

NCCC-5345 [SFM-SCFM] Changing timezone of a SF device results in an internal server error and event viewer showing push operation in-progress

NCCC-5351 [SFM-SCFM] Unused event logs created when any manage page is refreshed of any SF devices level

NCCC-5426 [SFM-SCFM] Template is not imported when SF has a SMTP policy with "File Protection = On" and "Block File Types = None"

NCCC-5427 [SFM-SCFM] SFM template import will not work for SF v17.0 Beta-1 using template forward compatibility

NCCC-5433 [SFM-SCFM] User cannot update any new SMTP policy after adding 127 policies

NCCC-5493 [SFM-SCFM] Compatibility v17: Firewall rule page shows empty feature column

NCCC-5504 [SFM-SCFM] Compatibility v17: Firewall rule position change is not working via drag and drop

NCCC-5507 [SFM-SCFM] Compatibility v17: DNAT rule does not apply on firewall devices from global view when using IP range/IP list in forward type

NCCC-5510 [SFM-SCFM] Device monitor in SFM shows wrong RED status for RED tunnel interface

NCCC-5516 [SFM-SCFM] Monitoring Dashboard show ORANGE icon for "Conn. to Central Mgt." when expecting GREEN

NCCC-5525 [SFM-SCFM] Compatibility v17: DNAT rule cannot be updated in some combinations of forward type

NCCC-5815 [SFM-SCFM] Getting 'DUPLICATE ENTRY NOT ALLOWED' while creating user from group level page

NCCC-5906 [SFM-SCFM] Device Level: 'In and Out bytes' under Features' icon tooltip shows as 'undefined'

NCCC-5919 [SFM-SCFM] IPS: User cannot add IPS Policy Rule with 'Smart Filter' option in any IPS policy

NCCC-5969 [SFM-SCFM] IPS Policy with rule of 'Custom Signature' pushed successfully without selected custom signatures

NCCC-6067 [SFM-SCFM] Alerts notification mail is not send

NCCC-6085 [SFM-SCFM] DoS Setting updated on custom group is not applied on SF device

NCCC-6098 [SFM-SCFM] 'Created Date' column is not available for 'Clientless Users'

NCCC-6111 [SFM-SCFM] Users and Groups can not be updated from custom group level

Downloads

You can find the firmware for your appliance from in MySophos portal.