a picture is following

20.03.2024 - Maintenance Release

zum Author

Sophos Firewall 19.5 MR 3

Beschreibung

Features

  • ZTNA Gateway

    Diese Version unterstützt die kommende Integration des Sophos ZTNA Gateways in die Firewall. Dadurch vereinfacht sich das Deployment von ZTNA. ZTNA ist eine einfache und sichere Möglichkeit für Remote-Mitarbeiter, auf Systeme oder Anwendungen hinter der Firewall zuzugreifen. Mit dem integrierten ZTNA-Gateway in der Sophos Firewall müssen Sie keine zusätzlichen Anwendungen in Ihrem Netzwerk bereitstellen, um den sicheren ZTNA-Zugriff zu unterstützen.
    Die neue ZTNA-Gateway-Funktion wird im September 2023 als Teil von Sophos ZTNA in Sophos Central im Early Access bereitgestellt.

  • Neue SSD-Firmware

    Aktualisierte SSD-Firmware ist für ausgewählte SSD-Modelle in den folgenden 1U-Appliances verfügbar: XGS 2100, 2300, 3100, 3300 und 4300 Die neue Firmware optimiert Leistung und Zuverlässigkeit.

Bugfixes

 
Issue ID Component Description
NC-125331 Authentication Azure AD SSO captive portal authentication is stuck when the web proxy listening port isn't 3128.
NC-125589 DHCP, DHCP PD On-link and autonomous settings are turned off in automatically created RA server for delegated interface.
NC-125595 DHCP, DHCP PD Incorrect error message when creating downstream interface with invalid subnet ID.
NC-124414 Email SPX password exposure in plain text (CVE-2023-5552).
NC-125369 Email Exim libspf2 vulnerability (CVE-2023-42118).
NC-125221 RED RED doesn't establish site-to-site tunnels when RED server enforces TLS 1.2.
NC-119334 Backup-Restore The backup download button is unresponsive.
NC-118460 Dynamic Routing (PIM) Clicking PIM-SM interface table shows the error "Unable to read routing information".
NC-116220 Email Awarrensmtp was in failed status, and inbound email wasn't delivered, but a non-delivery report wasn't sent to senders.
NC-117638 Email Emails are quarantined even if the sender address is added in exception.
NC-124102 Email Unable to turn off legacy TLS protocols.
NC-107708 Firewall Firewall restarts automatically (RIP 0010muser_match+0x747).
NC-120016 Firewall Local ACL doesn't work when the name contains the backslash character.
NC-113034 Hardware Lost device access to XGS appliances, and logs aren't available.
NC-116002 IPsec, SDWAN Routing Branch office users unable to receive an email, mail is slow, IPsec traffic is slow.
NC-122180 Licensing Unable to access web admin console due to license synchronization issue.
NC-122699 nSXLd Adding a trailing period at the end of the domain bypasses web policies.
NC-122511 RED Vulnerability detected on port 3400.
NC-119192 VFP-Firewall Slow speed using Virtio NICs.
NC-119052 WAF WAF protection policy's display issue on the web admin console.
NC-121432 WAF The /tmp directory doesn't remove files and runs out of space, causing AV scan failure.
NC-121415 Web AVD stops responding after a pattern update because a thread isn't released.
NC-119829 WWAN Verizon Mifi 4G USB modem (U620L) doesn't work after an upgrade to 19.5 MR2.
NC-114104 AppFilter Policy Application filter policy set to block all applications loses risk criteria when the template is pushed from Sophos Central.
NC-107481 Authentication Log viewer doesn't show the source IP address for authenticated SSL VPN users.
NC-110927 Authentication Missing logs for MFA enable-disable events.
NC-113532 Authentication Can't remove authorizers from the data anonymization setting.
NC-114057 Authentication Match known users option in firewall rule drops traffic because user identity isn't being marked.
NC-114950 Authentication View usage doesn't work when the username has a single quote, and web admin console stops responding.
NC-116602 Authentication Log viewer doesn't show the source IP address when authentication fails for SSL VPN Users.
NC-116880 Authentication When two-factor authentication is on, SSH keys disappear if they're added by an administrator other than the default admin.
NC-116881 Authentication Uploading a certificate when the admin signs in through Azure AD SSO results in a sign-out.
NC-119049 Authentication access_server stops responding due to missing nsgencode multi-thread support.
NC-119183 Authentication Transaction failure for eDirectory authentication server.
NC-119560 Authentication Mandatory firmware update through the setup assistant causes the initial setup to start repeatedly.
NC-94533 Certificates Attribute challenge password prevents the issue of a certificate with No-IP.
NC-119825 Certificates Unable to download the default certificate from Web > General Settings. Results in a sign-out when admin clicks the download button.
NC-102256 Clientless Access VNCFreeRDP stops responding.
NC-108378 Clientless Access Clientless access doesn't work if name contains an umlaut character.
NC-114627 Clientless Access Unable to connect to RDP over clientless SSL VPN if the username contains a space.
NC-115982 CM Alert appears in Sophos Central. "Firewall has not checked in with Sophos Central for the past 5 minutes".
NC-116312 CM Garner thread stuck in Central Management plugin.
NC-118749 CM Specific API call doesn't work.
NC-119198 CM Unable to change the password for admin accounts from Sophos Central Firewall Management.
NC-120519 CM Disable Central Management doesn't work per the firewall's API document.
NC-108562 Core Utils Public key authentication for admin can't be managed through Sophos Central.
NC-117314 Core Utils SWAP memory usage full.
NC-107388 DDNS DDNS logs appear every five minutes.
NC-111790 DHCP Unable to configure or edit interfaces.
NC-113102 DHCP Unable to add static MAC entry for specific DHCP pool.
NC-109623 Dynamic Routing (BGP) BGP-FRR doesn't advertise the configured networks if they aren't available in RIB.
NC-115369 Dynamic Routing (OSPF) OSPF repeatedly flaps when running continuous scan with ICMP echo.
NC-112492 Dynamic Routing (PIM) PIMD service doesn't respond.
NC-107283 Email Awarrensmpt service doesn't respond.
NC-108237 Email Spam emails are allowed with the error "spam scanning failed, unable to connect local antispam".
NC-108450 Email Inbound forwarded emails with attachments aren't delivered because of malware scan failure.
NC-109625 Email Inbound emails from specific domains are quarantined because of DKIM verification failure.
NC-110897 Email Error logs when using Sophos as AV in web server protection policy.
NC-111023 Email Legacy email mode stops responding frequently.
NC-112128 Email Release link settings can't be saved in quarantine digest.
NC-113038 Email Mail communication stopped working after upgrading to 19.5 GA.
NC-113458 Email MIME type recognition issues when Zero-day protection is turned on.
NC-113547 Email Invalid IP address causes error for notification mails.
NC-116845 Email Fix occasional UT error in mailpoller.
NC-116899 Email Attachment is allowed even if it's blocked in extension or MIME header.
NC-117881 Email Antispam service stops responding.
NC-120138 Email EmailUtilityis_valid_messageid is too strict.
NC-101846 Firewall Connections fail due to a high number of www in FIN_WAIT.
NC-108536 Firewall Firewall rules stopped working after backup-restore due to failure of XML API through which the firewall rules were created.
NC-109201 Firewall Device goes into Failsafe mode after upgrade. Unable to apply firewall framework.
NC-112136 Firewall RED connection interrupted when firewall acceleration is turned on in XG 310.
NC-116527 Firewall Entities.xml shows a firewall rule that doesn't appear on the web admin console.
NC-116890 Firewall NAT rule doesn't get marked after the firewall restarts.
NC-116939 Firewall Pktcapd bpf filter causing device restart (___bpf_prog_run).
NC-117063 Firewall Allowed child connection is logged as dropped.
NC-118204 Firewall, SDWAN Routing Static multicast packet changes reply destination when SD-WAN policy is applied.
NC-85114 Firmware Management kworker process continuously uses high CPU on XG 450.
NC-109689 FQDN Adding a new FQDN host causes the resolver to restart or stop responding and causes DNS resolution failure during the time.
NC-111423 FQDN FQDN resolving with low TTL (2-5 seconds) is creating an issue with wildcard FQDN host.
NC-111476 FQDN Subdomain learning doesn't work for non-SFOS DNS server set for the client.
NC-117675 Gateway Management WWAN gateway update flow updates incorrect monitorid when wwan-gwid isn't the same as its monitorid.
NC-109626 HA Standalone device restarts. Too many open files.
NC-106738 Hotspot Sort functionality doesn't work properly for hotspot vouchers in the user portal.
NC-119525 Hotspot Valid until time on hotspot sign-in uses UTC instead of local system time.
NC-120118 Hotspot Missing information in hotspot voucher created for users.
NC-116314 Interface Management Unable to delete or make changes to bridge interface.
NC-98796 IPS-DAQ Coredump during DAQ shutdown due to incorrect order of thread stop.
NC-107329 IPS-DAQ Snort shows high CPU usage, resulting in low bandwidth.
NC-114872 IPS-DAQ Certificate-based authentication failing for server with small RX win.
NC-115019 IPS-DAQ-NSE Firewall locks up. Snort core generated.
NC-119321 IPS-DAQ-NSE Slow download speed with SSL/TLS inspection turned on along with malware scanning even if TLS isn't being decrypted.
NC-107042 IPsec IPsec VPN path MTU-related connection issues with IPsec acceleration.
NC-119047 IPsec SSL/TLS inspection doesn't work for VPN users.
NC-119898 IPsec XFRM tunnel remains disabled when both site-to-site and route-based VPNs are up simultaneously on the same local-remote gateway pair.
NC-114411 IPS Engine IPS policy behavior issue in Sophos Central.
NC-116448 L2TP A checkbox isn't visible on the first line for L2TP members.
NC-112138 Licensing Licenses not synchronizing.
NC-107504 Logging Framework Unable to update the pattern file at AirGap sites.
NC-107975 Logging Framework Logging stops on device. Database disk image is malformed.
NC-110678 Logging Framework Live logs aren't being generated in log viewer.
NC-113004 Logging Framework Garner stops responding at init_cache_tree during sync cache.
NC-114652 Logging Framework (Central Reporting) After 7200 files, sending files to Sophos Central stops with error on gzclose.
NC-108003 NFP-Firewall Memory utilization increases until firewall stops responding.
NC-100418 nSXLd Internet down with error "nSXLd Connection timeout while connecting to SXL server".
NC-115360 nSXLd Deleted policy from Sophos Central continues to appear in the firewall.
NC-117753 PPPoE Internet through PPPoE doesn't work after HA failover.
NC-112058 RED Some reports for RED tunnel on XG Firewall don't load.
NC-112117 RED Editing a RED configuration in XG Firewall caused the firewall to become unresponsive.
NC-112621 RED Unable to edit some RED interfaces.
NC-113005 RED RED tunnels restart suddenly.
NC-117243 RED Disable DHE cipher support for RED.
NC-117786 Reporting Security Audit Report score data in email differs from what's shown in the firewall.
NC-111110 SDWAN Routing Import-export doesn't reflect changes in SD-WAN profiles.
NC-112722 SDWAN Routing garner.log is flooded with continuous logs for cache failures.
NC-114075 SDWAN Routing Connectivity issue when using route-based VPN with SD-WAN Routes or profiles.
NC-107178 SecurityHeartbeat Improve license enforcement message for Synchronized Security.
NC-116531 SecurityHeartbeat Can't access resources for some time when Security Heartbeat is configured.
NC-117680 SecurityHeartbeat Ipset hb_green entry removed without cause.
NC-111441 SSLVPN Remote access SSL VPN doesn't work after upgrade.
NC-112065 SSLVPN When Azure AD is used as the authentication type, the Authentication > Services page goes into buffering.
NC-112211 SSLVPN /conf/certificate/openvpn directory is missing.
NC-114163 SSLVPN Connections from LAN to static SSL VPN IP address are routed through WAN on XGS.
NC-117669 Firewall "Invalid TCP state" logs in HA appliances for traffic coming from the auxiliary device.
NC-120190 SSLVPN Site-to-site SSL VPN connections fail due to the absence of serveruser.conf file.
NC-112370 Gateway Management Error while updating failover rules in WAN link manager.
a picture is following

Sven

7 Jahre Technischer Support

Zertifizierung: Sophos Firewall Sales Consultant, Sophos Firewall Technician, Sophos Firewall Engineer

Spezialisierung: UTMshop Academy, Access Points, Einrichtung, Troubleshooting