Hi XG Community!

We've released SFOS v17.5.10 MR10 for the Sophos XG Firewall. Initially, the firmware will be available by manual download from the Licensing Portal. We then make the firmware available via auto-update to a number of customers, which will increase over time.

Please visit the following link for more information regarding the upgrade process: Sophos XG Firewall: How to upgrade the firmware.

Note: The upgrade from this version SF 17.5 MR10 to v18.0 GA-build339 is supported.

Issues Resolved

NC-46001 [Authentication] STAS is erroring out and causing high CPU load on E-Directory

NC-50521 [Authentication] User group assignment issue with LDAP users

NC-51881 [Authentication] CAA causing access_server to crash

NC-53730 [Dynamic Routing (PIM)] HA active/active appliance is duplicating multicast traffic

NC-50560 [Email] Restrict access to WEB-INF directory on port 8094

NC-37775 [Firewall] Configuring over 20 time schedulers on the various firewall rules is causing CSC freeze

NC-49976 [Firewall] NMI Backtraces & Device Hang in XG v17.5.7-MR7

NC-50176 [Firewall] DNAT with Range doesn't work as expected after reboot

NC-50713 [Firewall] Sophos Connect does not work with WebProxy and HTTPS traffic

NC-51632 [Firewall] Invalid traffic is sent to garner although syslog server is deleted

NC-51867 [Firewall] Denied firewall logs send to garner for allowed firewall rule even if logging is disabled

NC-52395 [Firewall] Getting wrong username in admin event for firewall rule group name update

NC-52474 [Firewall] Incorrect error message displayed while creating "Email server" business rule with existing name

NC-55842 [Firewall] Local ACL Exception Rule not working for WebProxy

NC-46189 [Hotspot] Timeout received when generating lots of vouchers with QR code enabled

NC-50854 [Interface Management] Firefox: vertical scrolling is affected for network interfaces when 4 or more aliases are configured

NC-52056 [Interface Management] GRE Tunnel disabled state doesn't persist through a reboot

NC-54013 [IPS Ruleset Management] Unable to create backup via local, ftp or email

NC-44603 [IPsec] Default Microsoft Azure IPsec policy should use disconnect instead of re-initiate

NC-49919 [IPsec] DGD service stopped and unable to start

NC-51534 [IPsec] Allowed User is not treating as compulsory for Sophos Connect client configuration

NC-51887 [IPsec] Simultaneous login does not work for Sophos Connect IPsec client

NC-52701 [IPsec] IPsec tunnel is not reinitiated when XG rekeys IKEv1 session in aggressive mode with certificate

NC-50239 [Network Utils] Internet connection get lost when backup job (storagecraft) is running

NC-52986 [nSXLd] Web categorization failed and nSXLD coredump

NC-49339 [Policy Routing] Traceroute is answered with IP addresses from different port

NC-44880 [RED] XG Site to Site RED Tunnel disconnects randomly and does not reconnect until we restart RED service

NC-46758 [RED] REDS2 interface is showing blank IP address in hosted server details for WAF.

NC-47109 [RED] When customer boot 17.5 MR5 it goes into fail-safe mode because it failed to start RED service

NC-49527 [RED] FQDN host appearing as IP host in RED configuration - split network

NC-50148 [RED] XG85 /tmp partition fills up

NC-47526 [Sandstorm] During Sandstorm scanning, web UI session to the XG gets expired

NC-43224 [Synchronized App Control] Unable to load Synchronized Application Control page

NC-50809 [UI Framework] Patch jQuery (CVE-2019-11358)

NC-44637 [Web] Appliance reboots randomly

NC-47824 [Web] File downloading stopped when enabling HTTPs scanning

NC-51134 [Web] HTTPS redirected links via HTTP not accessible with sandstorm option on

NC-51971 [Web] Scan FTP for malware corrupts zip files

NC-48479 [Wireless] Active Access Points are showing as inactive in GUI

NC-49480 [Wireless] Backup restore fails from CR35iNG to XG135

NC-50532 [Wireless] Wireless Interfaces in UNPLUGGED state after upgrade

NC-51539 [Wireless] HA failover takes 15-20 mins due to separate zone(vxlan) interfaces

NC-52714 [Wireless] Unable to open the GUI due to CSC service stuck

Download

To manually install the upgrade, you can download the firmware from the Licensing Portal. Please refer to Sophos XG Firewall: How to upgrade the firmware.