Software Update: Sophos XG Firewall 17.5 MR10

Sophos has released a new version of its XG Firewall with 17.5 MR10 as the version number. This software runs on physical hardware as well as in a soft appliance for VMware, Hyper-V, Xen and KVM delivered. In addition to the paid variants for businesses, Sophos offers this firewall for home use at no cost, such as on this page can be read. For the various image and update files you can visit the MySophos Portal. The announcement of this release looks like this:

SFOS 17.5 MR10 Released

Hi XG Community!
We’ve released SFOS v17.5.10 MR10 for the Sophos XG Firewall. Initially, the firmware will be available by manual download from the Licensing Portal. We then make the firmware available via auto-update to a number of customers, which will increase over time.

Issues Resolved

• NC-46001 [Authentication] STAS is erroring out and causing high CPU load on E-Directory
• NC-50521 [Authentication] User group assignment issue with LDAP users
• NC-51881 [Authentication] CAA causing access_server to crash
• NC-53730 [Dynamic Routing (PIM)] HA active/active appliance is duplicating multicast traffic
• NC-50560 [Email] Restrict access to WEB-INF directory on port 8094
• NC-37775 [Firewall] Configuring over 20 time schedulers on the various firewall rules is causing CSC freeze
• NC-49976 [Firewall] NMI Backtraces & Device Hang in XG v17.5.7-MR7
• NC-50176 [Firewall] DNAT with Range doesn’t work as expected after reboot
• NC-50713 [Firewall] Sophos Connect does not work with WebProxy and HTTPS traffic
• NC-51632 [Firewall] Invalid traffic is sent to garner although syslog server is deleted
• NC-51867 [Firewall] Denied firewall logs send to garner for allowed firewall rule even if logging is disabled
• NC-52395 [Firewall] Getting wrong username in admin event for firewall rule group name update
• NC-52474 [Firewall] Incorrect error message displayed while creating “Email server” business rule with existing name
• NC-55842 [Firewall] Local ACL Exception Rule not working for WebProxy
• NC-46189 [Hotspot] Timeout received when generating lots of vouchers with QR code enabled
• NC-50854 [Interface Management] Firefox: vertical scrolling is affected for network interfaces when 4 or more aliases are configured
• NC-52056 [Interface Management] GRE Tunnel disabled state doesn’t persist through a reboot
• NC-54013 [IPS Ruleset Management] Unable to create backup via local, ftp or email
• NC-44603 [IPsec] Default Microsoft Azure IPsec policy should use disconnect instead of re-initiate
• NC-49919 [IPsec] DGD service stopped and unable to start
• NC-51534 [IPsec] Allowed User is not treating as compulsory for Sophos Connect client configuration
• NC-51887 [IPsec] Simultaneous login does not work for Sophos Connect IPsec client
• NC-52701 [IPsec] IPsec tunnel is not reinitiated when XG rekeys IKEv1 session in aggressive mode with certificate
• NC-50239 [Network Utils] Internet connection get lost when backup job (storagecraft) is running
• NC-52986 [nSXLd] Web categorization failed and nSXLD coredump
• NC-49339 [Policy Routing] Traceroute is answered with IP addresses from different port
• NC-44880 [RED] XG Site to Site RED Tunnel disconnects randomly and does not reconnect until we restart RED service
• NC-46758 [RED] REDS2 interface is showing blank IP address in hosted server details for WAF.
• NC-47109 [RED] When customer boot 17.5 MR5 it goes into fail-safe mode because it failed to start RED service
• NC-49527 [RED] FQDN host appearing as IP host in RED configuration – split network
• NC-50148 [RED] XG85 /tmp partition fills up
• NC-47526 [Sandstorm] During Sandstorm scanning, web UI session to the XG gets expired
• NC-43224 [Synchronized App Control] Unable to load Synchronized Application Control page
• NC-50809 [UI Framework] Patch jQuery (CVE-2019-11358)
• NC-44637 [Web] Appliance reboots randomly
• NC-47824 [Web] File downloading stopped when enabling HTTPs scanning
• NC-51134 [Web] HTTPS redirected links via HTTP not accessible with sandstorm option on
• NC-51971 [Web] Scan FTP for malware corrupt zip files
• NC-48479 [Wireless] Active Access Points are showing as inactive in GUI
• NC-49480 [Wireless] Backup restore fails from CR35iNG to XG135
• NC-50532 [Wireless] Wireless Interfaces in UNPLUGGED state after upgrade
• NC-51539 [Wireless] HA failover takes 15-20 mins due to separate zone(vxlan) interfaces
• NC-52714 [Wireless] Unable to open the GUI due to CSC service stuck