Important Note

The XG Firewall v18 MR1 release has been pulled. Update: The release is replaced by XG Firewall v18 MR1-build396.



Sophos has received reports from a subset of XG Firewall v18 MR1 systems where the update has caused issues with traffic passing through the firewall. Because of this, MR1 was pulled on the first day of Community availability, as it warranted a fix before broader release. The release is replaced by XG Firewall v18 MR1-build396, which addresses the issue.



XG Firewall v18 has been our most ambitious release ever and is one of the highest quality releases we’ve ever done thanks to an extensive Early Access Program that ran for over five months. In fact, several customers and partners deployed it en masse to production firewalls on launch day as a result of their confidence in the early access program. It is a rock solid and extremely well-tested release that you can feel confident running on your XG Firewall.



If you are looking to upgrade from v17.5, please read the latest KB article, which contains more information on this topic.

Hi XG Community!

We've released XG Firewall v18 MR1.

Enhancements

Supports new SD-RED 20 and SD-RED 60 devices.

XG Firewall web console now shows granular reasons for firmware upload failure.

Plus, more than 45 issues are resolved in this release (refer to the Issues Resolved section below).

With the tremendous need for VPN connectivity in this challenging time, we have put together some important information here to help you meet your networking needs:

To configure VPN Remote Access on your Sophos XG Firewall, check out this useful Community post!

To substitute XG for RED devices via Light-Touch deployment from Sophos Central, check out this useful Community post!



Note: Upgrade from SF 17.5 MR11 to v18.0 MR1 is now supported.

More on XG Firewall v18

Please refer to the XG Firewall v18 highlights for more details on the all-new Xstream Architecture, which delivers extreme new levels of visibility, protection and performance. Also, check out our XG Firewall v18 playlist on YouTube to find out what's new in XG Firewall v18!

Get it now!

As usual, this firmware update is available at no charge for all licensed XG Firewall customers. The firmware will be rolled out automatically to all systems over the coming weeks, but you can access the firmware anytime to do a manual update through the Licensing Portal. You can refer to this article for more information on how to upgrade the firmware.

Please find the replacement of this release at https://community.sophos.com/products/xg-firewall/b/blog/posts/xg-firewall-v18-mr1-build396.

Things to know before upgrading

You can upgrade from SFOS 17.5 (MR6 to MR11) to 18.0 MR1. Check out the relevant sections of the XG v18 release notes for details on:

Issues Resolved

NC-30903 [Authentication] STAS configuration is editable via GUI on AUX machine

NC-50703 [Authentication] Access server restarted with coredump using STAS and Chrome SSO

NC-50716 [Authentication] Cannot import LDAP server via XMLAPI if client cert is "None"

NC-54689 [Authentication] Support download certificate for iOS 13 and above

NC-55277 [Authentication] Service "Chromebook SSO" is missing on Zone page

NC-51660 [Backup-Restore] Restore failed using a backup of XG135 on SG230 appliance

NC-55015 [Bridge] Wifi zone is not displayed while creating bridge

NC-55356 [Bridge] TCP connection fails for VLAN on bridge with HA Active-Active when source_client IP address is odd

NC-52616 [Certificates] Add support for uploading of CRLs in DER format

NC-55739 [Certificates] EC certificate shows up as "RSA" in SSLx CA cert dropdowns

NC-55305 [CM (Zero Touch)] System don't restart on changing time zone while configured through ZeroTouch

NC-55617 [CM (Zero Touch)] Getting wrong error message in log viewer after ZeroTouch process

NC-55909 [Core Utils] Unable to see application object page on SFM

NC-30452 [CSC] Dynamic interface addresses not showing on Aux after failover

NC-54233 [CSC] EpollWorker coredump

NC-55386 [Dynamic Routing (PIM)] PIM-SM import fails with LAG as dependent entity

NC-55625 [Dynamic Routing (PIM)] In HA with multicast interface, routes are not getting updated in the Aux routing table

NC-55461 [Email] After adding/edit FQDN host with smarthost, it is not displayed on the list until refresh the page

NC-58898 [Email] Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503)

NC-55635 [Firewall] Display filter for forwarded is not working properly on packet capture page

NC-55657 [Firewall] HA backup restore fails when port name is different in backup and appliance

NC-55884 [Firewall] IPS policy id and appfilter id not displaying in firewall allow log in logviewer

NC-55943 [Firewall] Failed to resume existing connection after removal of heartbeat from firewall configuration

NC-57084 [Firewall] Custom DMZ not listed in dedicated link HA configuration

NC-44938 [Firmware Management, UX] Web UI does not surface reasons for firmware upload failure

NC-55756 [Gateway Management] Gateway isn't deleted from SFM UI after deleting it from SFM

NC-55552 [HA] WWAN interface showing in HA monitoring ports

NC-55281 [Import-Export Framework] Full configuration import fails when using third party certificate for webadmin setting

NC-55171 [Interface Management] VLAN Interface IP is not assigned via DHCP when gateway name uses some special characters

NC-55442 [Interface Management] DNS name lookup showing incorrect message

NC-55462 [Interface Management] Import fails on configuring Alias over VLAN

NC-55659 [Interface Management] Invalid gateway IP and network IP configured using API for IPv6

NC-56733 [Interface Management] Patch PPPd (CVE-2020-8597)

NC-51776 [IPS Engine] Edit IPS custom rule protocol doesn't work after creation

NC-51558 [IPsec] Add warning message before deleting xfrm ipsec tunnel

NC-55309 [Logging] Local acl rule not created through log viewer for IPv4 and IPv6

NC-50413 [Logging Framework] Gateway up event log for PPPoE interface not always shown in logviewer

NC-55346 [Logging Framework] Clear All for "Content filtering" does not clear SSL/TLS filter option

NC-56831 [Policy Routing] SIP traffic sometimes not working with SDWAN policy route

NC-46009 [SecurityHeartbeat] Spontaneous reconnects of many endpoints

NC-51562 [SecurityHeartbeat] Heartbeat service not started after HA failover

NC-52225 [Synchronized App Control] SAC page loading issues as the list of apps increases

NC-54078 [UI Framework] Internet Explorer UI issue on certain rules and policies pages

NC-56821 [Up2Date Client] SSL VPN downloading with the 0KB

NC-54007 [Web] File type block messages sometimes contain mimetype rather than file type

Making the most of your new XG Firewall features

Free Online Training

Available for free for all XG Firewall customers, our delta training program will help you make the most of the new features in XG Firewall v18.

This online program walks you through the key enhancements since v17.5 and takes about 90 minutes to complete. Get started here!



Customer Resources and How-To Videos

Also be sure to visit the Customer Resource Center for the latest How-To Videos and links to documentation, the community forums, training and other resources.

Take advantage of Partner and Sophos Professional Services

To augment your local Sophos partner’s services, we offer services to help you get up and running and make the most of your XG Firewall, including the latest capabilities in v18.

While Sophos Professional Services can help with any task, here are the most common services they provide:

XG Firewall deployment and setup

XG Firewall v18 DPI, FastPath and SSL Engine Optimization

XG Firewall Health Checks



Here are some direct links to helpful resources:

New to XG Firewall?

If you’re new to XG Firewall, see how it provides the world’s best network visibility, protection and response on the new XG Firewall website.