Sophos XG – SFOS 17.0.0 GA Released

First, I’m sorry that the blog “fallen asleep”. I was on holiday and have currently many other business projects. I will blog more in the next time and will write a big overview of the new SFOS v17 release. We will start trainings and start selling XG devices soon in my company, so I think there will be more stuff to blog 🙂

 

Sophos released the new v17 of the XG operating system. I think this is “the real XG software” with new GUI improvements, closing feature gaps to UTM and many bugfixes.

 

 

What’s New

Setup, Control Center and Navigation

  • Initial Setup Wizard
  • Synchronized App Control Widget
  • Unified Log Viewer and More Granular Logging
  • How-to Guides

Security and Control

  • Synchronized App Control
  • Web Keyword Monitoring and Enforcement
  • IPS Policy Enhancements and Smart Filters
  • App Control Policy Enhancements and Smart Filters
  • Web Filtering Enhancements
  • Streaming Media Enhancements

Management and Troubleshooting

  • Firewall Rule Management
  • Firewall Rule and Policy Test Simulator

Reporting

  • Synchronized Applications Report
  • Web Keyword Content Report
  • Security Audit Report (SAR)
  • Report Scheduling

Network and VPN

  • IKEv2 Support
  • VPN UI Enhancements
  • Wildcard Support for Domain Name Host Objects
  • NAT Rule Enhancements

Email Protection

  • Smart Host
  • Greylisting
  • Recipient Verification

Synchronized Security

  • Synchronized Security in Discover (TAP) Mode Deployments
  • Synchronized App Control

Deployment and Hardware

  • Microsoft Azure High Availability
  • New Hardware Support
  • Central Management

Issues Resolved

  • NC-21736 [Base System] Upload of Azure firmware fails if up2date is larger than 300MB
  • NC-21045 [CR-to-CN_Migration] Support migration from CR10.6.6 to SF v17.0
  • NC-22582 [Firewall] NAT chain failed if DNAT rule configured using wildcard FQDN
  • NC-22657 [Firewall] Cyberoam to SF v17 migration fails when virtual hosts with portforwarding and firewall rule with DNAT are used
  • NC-22508 [IPS] Change button text from “Cancel” to “Don’t Upgrade Yet” in the firmware pop up
  • NC-22664 [IPsec] IPSec local id validation always failes if another connection uses external cert with remote gateway *
  • NC-22385 [Logging] Fix UI issues in new log viewer
  • NC-22523 [Logging] “Firewall Rule ID” label is sometimes displayed wrong as “Policy ID” in Logviewer
  • NC-22570 [Logging] “Copy_to Clipboard” text is added at the end of the log content copied
  • NC-22571 [Logging] Platform column details are not displayed properly under IPS logs
  • NC-22625 [Logging] Content match is not color coded if the match is a date
  • NC-22655 [Logging] Special chars need to be handled in the log viewer filter
  • NC-22656 [Logging] Results which match filter key are also highlighted
  • NC-22685 [Logging] Web filter icon showing red color even log sub type is allowed in some case
  • NC-22691 [Logging] In- and output interface show same name in logviewer standard view ‘Firewall’ log
  • NC-22612 [Mail Proxy] Control Center widget does not reflect email sandstorm activities
  • NC-22709 [Mail Proxy] SMTP connection issue with high latency mail servers
  • NC-22782 [Network Services] Remove *.cloudefront.net wildcard FQDN host
  • NC-21776 [Networking] MLM methods can be changed in HA via CLI from Auxiliary appliance
  • NC-22619 [Networking] Unicast route is removed from routing table after interface update
  • NC-22431 [nSXLd] Embedded URLs are categorized incorrectly
  • NC-22536 [Reporting] Manual filter is not working for application contain “\ & \\”
  • NC-22699 [Reporting] App details are missing for blocked applications
  • NC-22747 [Reporting] Report drill down stops working when using languages other than English
  • NC-22043 [Synchronized App Control] It is not possible to add new apps to application filter without customization
  • NC-22393 [Synchronized App Control] Synchronized Applications in reports doesn’t display details for application
  • NC-22542 [Synchronized App Control] Use filename instead of full path in app list
  • NC-22719 [UI] Logviewer logs are not updated properly when switching between pages
  • NC-22130 [WAF] Issue with TLS settings for virtual webserver
  • NC-22610 [WAF] Logviewer does not show the affected entity name
  • NC-22654 [Web] Captive portal redirection does not work for iOS mobile devices
  • NC-22006 [Wireless] WPA2 KRACK vulnerability fixes (via pattern update)

Downloads

You can find the firmware for your appliance from in MySophos portal (in my case for VMware):

 

2 thoughts on “Sophos XG – SFOS 17.0.0 GA Released

    • Can you test it? Just update to v17. Did you configure a DNS Request Route to your local DNS server under Network / DNS / DNS Request Route like this?: 50.168.192.in-addr.arpa

Leave a Comment