Issue ID | Component | Description |
---|---|---|
NC-125331 | Authentication | Azure AD SSO captive portal authentication is stuck when the web proxy listening port isn't 3128. |
NC-125589 | DHCP, DHCP PD | On-link and autonomous settings are turned off in automatically created RA server for delegated interface. |
NC-125595 | DHCP, DHCP PD | Incorrect error message when creating downstream interface with invalid subnet ID. |
NC-124414 | | SPX password exposure in plain text (CVE-2023-5552). |
NC-125369 | | Exim libspf2 vulnerability (CVE-2023-42118). |
NC-125221 | RED | RED doesn't establish site-to-site tunnels when RED server enforces TLS 1.2. |
NC-119334 | Backup-Restore | The backup download button is unresponsive. |
NC-118460 | Dynamic Routing (PIM) | Clicking PIM-SM interface table shows the error "Unable to read routing information". |
NC-116220 | | Awarrensmtp was in failed status, and inbound email wasn't delivered, but a non-delivery report wasn't sent to senders. |
NC-117638 | | Emails are quarantined even if the sender address is added in exception. |
NC-124102 | | Unable to turn off legacy TLS protocols. |
NC-107708 | Firewall | Firewall restarts automatically (RIP: 0010:muser_match+0x747). |
NC-120016 | Firewall | Local ACL doesn't work when the name contains the backslash character. |
NC-113034 | Hardware | Lost device access to XGS appliances, and logs aren't available. |
NC-116002 | IPsec, SDWAN Routing | Branch office users unable to receive an email, mail is slow, IPsec traffic is slow. |
NC-122180 | Licensing | Unable to access web admin console due to license synchronization issue. |
NC-122699 | nSXLd | Adding a trailing period at the end of the domain bypasses web policies. |
NC-122511 | RED | Vulnerability detected on port 3400. |
NC-119192 | VFP-Firewall | Slow speed using Virtio NICs. |
NC-119052 | WAF | WAF protection policy's display issue on the web admin console. |
NC-121432 | WAF | The /tmp directory doesn't remove files and runs out of space, causing AV scan failure. |
NC-121415 | Web | AVD stops responding after a pattern update because a thread isn't released. |
NC-119829 | WWAN | Verizon Mifi 4G USB modem (U620L) doesn't work after an upgrade to 19.5 MR2. |
NC-114104 | AppFilter Policy | Application filter policy set to block all applications loses risk criteria when the template is pushed from Sophos Central. |
NC-107481 | Authentication | Log viewer doesn't show the source IP address for authenticated SSL VPN users. |
NC-110927 | Authentication | Missing logs for MFA enable-disable events. |
NC-113532 | Authentication | Can't remove authorizers from the data anonymization setting. |
NC-114057 | Authentication | Match known users option in firewall rule drops traffic because user identity isn't being marked. |
NC-114950 | Authentication | View usage doesn't work when the username has a single quote, and web admin console stops responding. |
NC-116602 | Authentication | Log viewer doesn't show the source IP address when authentication fails for SSL VPN Users. |
NC-116880 | Authentication | When two-factor authentication is on, SSH keys disappear if they're added by an administrator other than the default admin. |
NC-116881 | Authentication | Uploading a certificate when the admin signs in through Azure AD SSO results in a sign-out. |
NC-119049 | Authentication | access_server stops responding due to missing nsgencode multi-thread support. |
NC-119183 | Authentication | Transaction failure for eDirectory authentication server. |
NC-119560 | Authentication | Mandatory firmware update through the setup assistant causes the initial setup to start repeatedly. |
NC-94533 | Certificates | Attribute challenge password prevents the issue of a certificate with No-IP. |
NC-119825 | Certificates | Unable to download the default certificate from Web > General Settings. Results in a sign-out when admin clicks the download button. |
NC-102256 | Clientless Access | VNCFreeRDP stops responding. |
NC-108378 | Clientless Access | Clientless access doesn't work if name contains an umlaut character. |
NC-114627 | Clientless Access | Unable to connect to RDP over clientless SSL VPN if the username contains a space. |
NC-115982 | CM | Alert appears in Sophos Central. "Firewall has not checked in with Sophos Central for the past 5 minutes". |
NC-116312 | CM | Garner thread stuck in Central Management plugin. |
NC-118749 | CM | Specific API call doesn't work. |
NC-119198 | CM | Unable to change the password for admin accounts from Sophos Central Firewall Management. |
NC-120519 | CM | Disable Central Management doesn't work per the firewall's API document. |
NC-108562 | Core Utils | Public key authentication for admin can't be managed through Sophos Central. |
NC-117314 | Core Utils | SWAP memory usage full. |
NC-107388 | DDNS | DDNS logs appear every five minutes. |
NC-111790 | DHCP | Unable to configure or edit interfaces. |
NC-113102 | DHCP | Unable to add static MAC entry for specific DHCP pool. |
NC-109623 | Dynamic Routing (BGP) | BGP-FRR doesn't advertise the configured networks if they aren't available in RIB. |
NC-115369 | Dynamic Routing (OSPF) | OSPF repeatedly flaps when running continuous scan with ICMP echo. |
NC-112492 | Dynamic Routing (PIM) | PIMD service doesn't respond. |
NC-107283 | | Awarrensmtp service doesn't respond. |
NC-108237 | | Spam emails are allowed with the error "spam scanning failed, unable to connect local antispam". |
NC-108450 | | Inbound forwarded emails with attachments aren't delivered because of malware scan failure. |
NC-109625 | | Inbound emails from specific domains are quarantined because of DKIM verification failure. |
NC-110897 | | Error logs when using Sophos as AV in web server protection policy. |
NC-111023 | | Legacy email mode stops responding frequently. |
NC-112128 | | Release link settings can't be saved in quarantine digest. |
NC-113038 | | Mail communication stopped working after upgrading to 19.5 GA. |
NC-113458 | | MIME type recognition issues when Zero-day protection is turned on. |
NC-113547 | | Invalid IP address causes error for notification mails. |
NC-116845 | | Fix occasional UT error in mailpoller. |
NC-116899 | | Attachment is allowed even if it's blocked in extension or MIME header. |
NC-117881 | | Antispam service stops responding. |
NC-120138 | | EmailUtilityis_valid_messageid is too strict. |
NC-101846 | Firewall | Connections fail due to a high number of www in FIN_WAIT. |
NC-108536 | Firewall | Firewall rules stopped working after backup-restore due to failure of XML API through which the firewall rules were created. |
NC-109201 | Firewall | Device goes into Failsafe mode after upgrade. Unable to apply firewall framework. |
NC-112136 | Firewall | RED connection interrupted when firewall acceleration is turned on in XG 310. |
NC-116527 | Firewall | Entities.xml shows a firewall rule that doesn't appear on the web admin console. |
NC-116890 | Firewall | NAT rule doesn't get marked after the firewall restarts. |
NC-116939 | Firewall | Pktcapd bpf filter causing device restart (___bpf_prog_run). |
NC-117063 | Firewall | Allowed child connection is logged as dropped. |
NC-118204 | Firewall, SDWAN Routing | Static multicast packet changes reply destination when SD-WAN policy is applied. |
NC-85114 | Firmware Management | kworker process continuously uses high CPU on XG 450. |
NC-109689 | FQDN | Adding a new FQDN host causes the resolver to restart or stop responding and causes DNS resolution failure during the time. |
NC-111423 | FQDN | FQDN resolving with low TTL (2-5 seconds) is creating an issue with wildcard FQDN host. |
NC-111476 | FQDN | Subdomain learning doesn't work for non-SFOS DNS server set for the client. |
NC-117675 | Gateway Management | WWAN gateway update flow updates incorrect monitorid when wwan-gwid isn't the same as its monitorid. |
NC-109626 | HA | Standalone device restarts. Too many open files. |
NC-106738 | Hotspot | Sort functionality doesn't work properly for hotspot vouchers in the user portal. |
NC-119525 | Hotspot | Valid until time on hotspot sign-in uses UTC instead of local system time. |
NC-120118 | Hotspot | Missing information in hotspot voucher created for users. |
NC-116314 | Interface Management | Unable to delete or make changes to bridge interface. |
NC-98796 | IPS-DAQ | Coredump during DAQ shutdown due to incorrect order of thread stop. |
NC-107329 | IPS-DAQ | Snort shows high CPU usage, resulting in low bandwidth. |
NC-114872 | IPS-DAQ | Certificate-based authentication failing for server with small RX win. |
NC-115019 | IPS-DAQ-NSE | Firewall locks up. Snort core generated. |
NC-119321 | IPS-DAQ-NSE | Slow download speed with SSL/TLS inspection turned on along with malware scanning even if TLS isn't being decrypted. |
NC-107042 | IPsec | IPsec VPN path MTU-related connection issues with IPsec acceleration. |
NC-119047 | IPsec | SSL/TLS inspection doesn't work for VPN users. |
NC-119898 | IPsec | XFRM tunnel remains disabled when both site-to-site and route-based VPNs are up simultaneously on the same local-remote gateway pair. |
NC-114411 | IPS Engine | IPS policy behavior issue in Sophos Central. |
NC-116448 | L2TP | A checkbox isn't visible on the first line for L2TP members. |
NC-112138 | Licensing | Licenses not synchronizing. |
NC-107504 | Logging Framework | Unable to update the pattern file at AirGap sites. |
NC-107975 | Logging Framework | Logging stops on device. Database disk image is malformed. |
NC-110678 | Logging Framework | Live logs aren't being generated in log viewer. |
NC-113004 | Logging Framework | Garner stops responding at init_cache_tree during sync cache. |
NC-114652 | Logging Framework (Central Reporting) | After 7200 files, sending files to Sophos Central stops with error on gzclose. |
NC-108003 | NFP-Firewall | Memory utilization increases until firewall stops responding. |
NC-100418 | nSXLd | Internet down with error "nSXLd Connection timeout while connecting to SXL server". |
NC-115360 | nSXLd | Deleted policy from Sophos Central continues to appear in the firewall. |
NC-117753 | PPPoE | Internet through PPPoE doesn't work after HA failover. |
NC-112058 | RED | Some reports for RED tunnel on XG Firewall don't load. |
NC-112117 | RED | Editing a RED configuration in XG Firewall caused the firewall to become unresponsive. |
NC-112621 | RED | Unable to edit some RED interfaces. |
NC-113005 | RED | RED tunnels restart suddenly. |
NC-117243 | RED | Disable DHE cipher support for RED. |
NC-117786 | Reporting | Security Audit Report score data in email differs from what's shown in the firewall. |
NC-111110 | SDWAN Routing | Import-export doesn't reflect changes in SD-WAN profiles. |
NC-112722 | SDWAN Routing | garner.log is flooded with continuous logs for cache failures. |
NC-114075 | SDWAN Routing | Connectivity issue when using route-based VPN with SD-WAN Routes or profiles. |
NC-107178 | SecurityHeartbeat | Improve license enforcement message for Synchronized Security. |
NC-116531 | SecurityHeartbeat | Can't access resources for some time when Security Heartbeat is configured. |
NC-117680 | SecurityHeartbeat | Ipset hb_green entry removed without cause. |
NC-111441 | SSLVPN | Remote access SSL VPN doesn't work after upgrade. |
NC-112065 | SSLVPN | When Azure AD is used as the authentication type, the Authentication > Services page goes into buffering. |
NC-112211 | SSLVPN | /conf/certificate/openvpn directory is missing. |
NC-114163 | SSLVPN | Connections from LAN to static SSL VPN IP address are routed through WAN on XGS. |
NC-117669 | Firewall | "Invalid TCP state" logs in HA appliances for traffic coming from the auxiliary device. |
NC-120190 | SSLVPN | Site-to-site SSL VPN connections fail due to the absence of serveruser.conf file. |
NC-112370 | Gateway Management | Error while updating failover rules in WAN link manager. |
20.03.2024 - Maintenance Release
Sophos Firewall 19.5 MR 3
Description
Features
ZTNA Gateway
This release supports the upcoming integration of the Sophos ZTNA gateway into the firewall, which simplifies ZTNA deployment. ZTNA is a simple and secure way for remote workers to access systems or applications behind the firewall. With the ZTNA gateway integrated into Sophos Firewall, you don't need to deploy any additional applications in your network to support secure ZTNA access.
The new ZTNA gateway feature will be made available in early access in September 2023 as part of Sophos ZTNA in Sophos Central.
New SSD firmware
Updated SSD firmware is available for selected SSD models in the following 1U appliances: XGS 2100, 2300, 3100, 3300 and 4300. The new firmware optimizes performance and reliability.
Bug fixes
Sven
7 years of technical support
Certification: Sophos Firewall Sales Consultant, Sophos Firewall Technician, Sophos Firewall Engineer
Specialization: UTMshop Academy, access points, setup, troubleshooting