Software update: Sophos XG Firewall 17.0.8 MR8

Sophos has released a new version of its XG Firewall with 17.0.8 MR8 as version number. This software is delivered both on physical hardware and in a soft-appliance for VMware, Hyper-V, Xen and KVM . In addition to the paid variants for companies, Sophos offers this firewall for home use at no cost, as can be read on this page . For the various image and update files you can go to the MySophos portal . The announcement of this edition is as follows:

SFOS 17.0.8 MR8 Released
This release is available in stages. MySophos will be available in the first internship. Next week, it will be available for all SFOS v17.0 installations and later it will be available to v16.05 installations as well.
On v16 to v17 update, SFOS does not set SHA2 truncation on custom IPSec policy. Please see
Issues Resolved

  • NC-27996 [Authentication] access_server coredump results in users getting logged out
  • NC-29485 [Authentication] access_server coredumps and restartings
  • NC-28033 [Base System] Packet capture and connection list issue
  • NC- 28566 [Base System] Garner service restarts
  • NC-27214 [Firewall] IPsec NAT chain for all VPN tunnels gets removed if only one tunnel goes down
  • NC-29243 [Framework(UI)] Subnet creation is broken for IE11
  • NC -26151 [IPsec] IPsec connections can not always be disabled
  • NC-27034 [IPsec] IKE packets lost when routed over the HA link
  • NC-28076 [IPsec] IPsec detail view has a mismatch for tunnel status
  • NC-28558 [IPsec] ‘UP’ Email notifications are not sent when the IPsec tunnels come up within 1 second
  • NC-28577 [IPsec] Two IKEs for the same connections Leads to a lot REKEYED connection on responder
  • NC-28795 [IPsec] Strongswan service is stuck in CSC for HA pair [19659007] NC-28850 [IPsec] IPsec Connection UI page hangs
  • NC-28857 [IPsec] PFS is shown as enabled in GUI although it is disabled in policy
  • NC-28909 [IPsec] Coredump generated for charon due to segmentation fault
  • NC-29043 [IPsec] CSC hangs – system becomes unresponsive
  • NC-29129 [IPsec] IPsec connection is not reestablished after PPPoE reconnect
  • NC-29242 [IPsec] Can not configure VPNs using IE11 [19659007] NC-29254 [IPsec] Random route deletion in IPsec with DGD
  • NC-29378 [IPsec] vpnconn_all_status_update takes continuous high cpu when IPsec VPN manage page stays open
  • NC-29834 [IPsec] Multiple IKE_SAs in CONNECTING state for the […] NC-29936 [IPsec] NC-29995 [IPsec] IPsec package filter rules missing after DGD failback not initiated after DHCP inter face update
  • NC-28106 [RED] RED tunnel disconnects every 24h
  • NC-29465 [Reporting] Not able to send mail digest – due to full connections