| Issue ID | Component | Description |
| --- | --- | --- |
| NC-153892 | PPPoE | PPPoE interface may not connect if it has the special character "#" in the username. |
| NC-138431 | Authentication | MFA tokens weren't working for SSL VPN users after a firmware upgrade to 20.0 MR1. |
| NC-141413 | Authentication | Authentication service stopped responding because of "read_from_client" issues. |
| NC-144562 | Authentication | Unable to add users to the MFA setting after a certain limit. Error appeared on the web admin console. |
| NC-139323 | Certificates | IPS service failed after upgrading to 20.0 MR1. |
| NC-135473 | Clientless Access | Unable to download the configuration file from VPN portal after HA failover with specific conditions. |
| NC-141997 | Clientless Access | Vulnerabilities found in the scan for VPN portal. |
| NC-147793 | VPN | Pattern update failure for SSL VPN. |
| NC-133133 | CM | Group configuration import in Sophos Central management failed from XG 86w firewall. |
| NC-135944 | CM, CM (Join to Cloud) | Unable to access or manage the firewall from Sophos Central. |
| NC-140829 | CM | Intermittent issues with internet connectivity because Garner main thread was blocked during Sophos Central plugin reconfiguration. |
| NC-144699 | CM | FRP-SSO failed when a firewall was deregistered from a Sophos Central account and registered to a different account. |
| NC-137123 | Core Utils | Low swap memory in a device migrated from 17.5 involving a virtual deployment with two disks. |
| NC-138159 | Core Utils | Command failure wasn't handled in HA migration. |
| NC-143615 | Core Utils | USB keyboard didn't work on the CLI in 20.0 MR2 deployed on third-party hardware. |
| NC-135421 | CSC | Firewall rules stopped working after a power failure. |
| NC-135613 | DDNS | DDNS didn't show data on the web admin console. |
| NC-136462 | DHCP | DHCP service was unresponsive for a valid domain entry in Next-Server. |
| NC-137870 | DHCP | Backup-restore failed for DoS rules because system interface mapping failed. |
| NC-133859 | Email | DKIM signatures didn't work as expected. Emails were quarantined. |
| NC-133988 | Email | Entries for rejected mail weren't logged because of the message size. |
| NC-134038 | Email | Emails bounced or weren't delivered when the subject contained "&" with SPX turned on. |
| NC-141753 | Email | Quarantined digest email's subject showed an incorrect "From" date. |
| NC-152919 | Email | Unable to release quarantine emails from the user portal. |
| NC-123910 | Firewall | Kernel panic in FTP over HTTP scenario. |
| NC-131411 | Firewall | Forwarded traffic didn't work randomly for connections through SATC. |
| NC-137779 | Firewall | User accounting was done for traffic going through a network rule. |
| NC-152641 | Base | The firewall stopped processing traffic due to SWAP memory configuration changes after it was upgraded to 21.0 MR1 Build 237. |
| NC-123807 | Gateway Management | Kernel crash dump occurred in a firewall with SFOS 20.0 GA. |
| NC-100951 | HA | Gateway status of an interface configured with dynamic IP assignment was, occasionally, not in sync in an active-passive auxiliary device after HA failover. |
| NC-137215 | HA | TCP traffic didn't work in active-active HA mode with XFRM deployment. |
| NC-144474 | Interface Management | Physical interfaces and expanded logical interfaces weren't visible after upgrading to 21.0 GA. |
| NC-140591 | IPS-DAQ-NSE | An AWS website didn't work randomly. Log viewer showed the following error: "TLS handshake fatal alert: decode error(50)". |
| NC-140666 | IPS-DAQ-NSE | Unable to connect Office365 SMTP with SSL/TLS turned on after an upgrade to 20.0 MR1. |
| NC-138180 | IPsec | Auxiliary device was receiving NAT-T IPsec packets on rekeying after an upgrade to 20.0 MR1. |
| NC-138822 | IPsec | XFRM interface status appeared as "Not configured" even when the IPsec tunnel was established. |
| NC-143095 | IPsec | Unable to download IPsec iOS profile from the VPN portal. |
| NC-146469 | IPS Engine | IPS optimization issue with the number of cores after migration to a different appliance. |
| NC-143051 | Logging Framework | Sophos Firewall appliances stopped sending logs to Graylog syslog server. |
| NC-146431 | MDR Framework | MDR threat feeds showed that the requirements weren't met even though they were. |
| NC-139922 | NFP-Firewall | Mismatched interfaces when IPsec acceleration was turned on. |
| NC-144311 | NFP-Firewall, USFP | Malformed or specifically crafted inner decrypted L3 payload may result in an unresponsive NPU. |
| NC-141503 | Postgres | IPS stopped responding. Unable to restart it because postgres connections exceeded the limit. |
| NC-137106 | QoS | QoS download speed wasn't restricted for SSL VPN users. |
| NC-136900 | RED | Fixed the RED APU file removal and creation on the auxiliary device after this device restarted. |
| NC-144581 | RED | Offline-provisioned RED became non-functional after a RED firmware upgrade. |
| NC-146114 | RED | Primary device automatically restarted and failed over to the auxiliary device after an upgrade to 21.0 GA. |
| NC-138286 | Reporting | Custom view wasn't listed in the custom report when accessing the firewall from Sophos Central. |
| NC-128242 | SDWAN Routing | TFTP traffic didn't flow as expected with an SD-WAN profile. |
| NC-130534 | SDWAN Routing | Web pages timed out with web proxy when MAC address-based SD-WAN rules were used. |
| NC-137341 | SDWAN Routing | The iptable entries of SD-WAN routes disappeared. |
| NC-141637 | Security Heartbeat | Devices were blocked despite green health and no missing heartbeat alert in Sophos Central. |
| NC-142435 | Sentry framework | Snort, garner, and access server processes weren't terminated properly because the process was stuck in GenerateDump. |
| NC-139458 | SSL VPN | Services page and SSL VPN Assistant weren't loading. |
| NC-139849 | SSL VPN | Discrepancies in the site-to-site SSL VPN import validation. |
| NC-142397 | SSL VPN | Out of memory issue. SSL VPN caused the /tmp partition to fill up. |
| NC-145261 | SSL VPN | Incorrect count appeared on the dashboard for connected remote users in 21.0 GA. |
| NC-144955 | Static Routing | Static route remained on the auxiliary device after enabling HA. |
| NC-122478 | UI Framework | Web policy automatically scrolled, leading to a misplaced dialog box. |
| NC-141688 | UI Framework | Need to support automatic language detection for users with SSO sign-in. |
| NC-151389 | UI Framework | Hotspot voucher didn't load on the user portal. |
| NC-135798 | WAF | Set Cache-Control to no-cache, no-store for WAF. |
| NC-140403 | WAF | Pop-up appeared when you opened a WAF rule and clicked the cancel button without any modification to the rule. |
| NC-140550 | WAF | When WAF was used, floating HTML with the cart content didn't appear after items were added to it. |
| NC-142170 | WAF | Fixed how the firewall handles deleted and disabled interfaces referred to in Let's Encrypt certificates. |
| NC-144659 | WAF | Let's Encrypt service showed a busy status in 21.0 GA. |
| NC-152963 | Firewall | With Let's Encrypt turned on, firewall rule positions were altered, affecting the firewall rules that match the traffic. |
| NC-136403 | Web | Web policy override must tell the browser not to autofill bypass codes. |
| NC-136616 | Web | AD SSO didn't work with Kerberos for a specific server and user. |
| NC-140864 | Web | The "Missing template" error appeared instead of the Sophos block page. |
| NC-141088 | Web | The Restrict-Access-To-Tenants setting has a character limit of 256. |
| NC-142515 | Web | Content filter blocking didn't work with Facebook search. It worked with other websites. |
| NC-136099 | WebInSnort | SSL/TLS inspection rules containing only unsupported services behaved like Service was set to Any. |
| NC-140491 | WWAN | Modem didn't connect after an upgrade to SFOS 21.0 EAP0 in XGS 116. |
| NC-142427 | WWAN | Huawei Modem (4G dongle) didn't connect to the firewall after an upgrade to 20.0 MR2. |
| NC-77828 | API Framework | Unable to import user activity that contains categories with special characters. |
| NC-140410 | ATR Framework | Incorrect label for third-party threat feed widget on Control center. |
| NC-140436 | ATR Framework | The Heartbeat endpoint switched to "Red" status even when threat feed is in monitoring, that is, log mode. |
| NC-140906 | ATR Framework | Added hover text for the icons on the Active threat response dashboard window and fixed smudging in the Active threat response table. |
| NC-141545 | ATR Framework | Updated the Active threat response third-party feeds' URL to allow a port number. |
| NC-124684 | Authentication | Static IP address is sporadically not released. |
| NC-127830 | Authentication | RADIUS user who isn't part of VPN group can still connect to SSL VPN. |
| NC-128138 | Authentication | Captive portal with custom code isn't working properly. |
| NC-131097 | Authentication | Upon AD server connectivity, ldap_bind call times out after 30 minutes, causing new authentication requests to fail. |
| NC-131391 | Authentication | L2TP authentication isn't working with Windows Automatic Logon enabled in VPN adapter. |
| NC-131711 | Authentication | TSSO_client_netsend: sending data to server log message shows Error instead of Debug. |
| NC-132907 | Authentication | Access Server coredump in read_from_sock (server.c:379). |
| NC-136193 | Authentication | Updated the tooltip for groups on Authentication > Users. |
| NC-139018 | Authentication | Access-request packets attack vulnerability associated with CVE-2024-3596. |
| NC-127665 | CDB-CFR, CM | Firewall shows disconnected status on Sophos Central after the firewall is restarted. |
| NC-132127 | CDB-CFR, CM | Receiving alerts that the firewall has lost connection to Sophos Central from the auxiliary device. |
| NC-136645 | Certificates | Certificates from Starfield Secure Certificate Authority - G2 aren't trusted in 20.0 MR1. |
| NC-127253 | Clientless Access (VPN Portal) | HTTP Host header injection. |
| NC-141686 | Clientless Access | Remove the VPN portal notification. |
| NC-128159 | CM | SFOS applications don't work when the first two configured DNS servers aren't reachable. |
| NC-129249 | CM, Core Utils | Fix vulnerabilities in libssh2 CVE-2023-48795. |
| NC-132845 | CSC | Username is blank in Log viewer after deleting a user in virtual firewall. |
| NC-126965 | DHCP | Firewall stops logging DHCP logs and Garner service is stuck and can't be restarted. |
| NC-129171 | DHCP | DHCP stopped working after an upgrade from 19.5.3 to 20.0 GA. |
| NC-130879 | DHCP | Follow up of NC-106814: Issue with DHCP relay. |
| NC-136246 | DHCP | Hotfix: DHCP server is unavailable when Boot options are configured with URL. |
| NC-118624 | Dynamic Routing (BGP), HA | BGP service crashes with write error on fd <nn>: Bad file descriptor. |
| NC-121980 | Email | Duplicate email issue. |
| NC-123889 | Email | High CPU usage by warren after upgrade to 19.5 MR3. |
| NC-124266 | Email | Smarthost with RED tunnel setup. Notification emails get stuck in mail spool. |
| NC-125084 | Email | DKIM isn't working as expected. |
| NC-126576 | Email | Greylisting isn't working. |
| NC-128229 | Email | Enabling SPF check isn't an option to block internal domain-spoofed emails. |
| NC-130236 | Email | Emails with `\n` in the subject line are categorized as bulk mail by the spam engine. |
| NC-131106 | Email | Inbound mail isn't delivered to the mailbox when SMTP scanning is on in legacy mode. |
| NC-132557 | Email | HA synchronization issue in email encryption SPX template. |
| NC-133157 | Email | Can't send backups using Amazon SES. |
| NC-123538 | Firewall | MAC filter spoof check doesn't work. |
| NC-124012 | Firewall | NAT rule isn't marked even after an update to 19.5 MR3. |
| NC-124251 | Firewall | RED service is unavailable. |
| NC-124551 | Firewall | Firewall rules aren't working after an upgrade from 18.5.3 to 19.5.3. |
| NC-134783 | Firewall | Unable to see the IP host or MAC host in the firewall. |
| NC-136153 | Firewall | Local ACL exception rule doesn't work for SMTP relay. |
| NC-120434 | Firmware Management | Discrepancy in HA roles being shown. |
| NC-127503 | Firmware Management | Restrict parallel firmware upgrade flows. |
| NC-131100 | Firmware Management | SNMP server shows 100 percent critical `/tmp/npu_diag`. |
| NC-132224 | Firmware Management | Upgrade to 20.0 fails on XGS 87 due to 'invalid firmware' error. |
| NC-132862 | Firmware Management | SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795). |
| NC-118929 | HA | HA doesn't work after a failover. msyncd stops tracking events and doesn't start again. |
| NC-124105 | HA | Configuration changes on firewall show the error "The Operation will take time to complete. The status can be viewed from the 'Log viewer' page". |
| NC-130404 | HA | License issue on auxiliary device in active-passive HA cluster. |
| NC-135054 | Hotspot | Problem with expired certificate in hotspot. |
| NC-122885 | Import-Export Framework | Unable to export user configuration. |
| NC-124721 | Interface Management | Firewall becomes unavailable and requires a restart. |
| NC-132542 | IPS-DAQ | Memory allocation failure in jumbogram causes IPS log to increase in GB. |
| NC-125294 | IPS-DAQ-NSE | Firewall drops reset packet in LAN-to-LAN communication when DPI is on. |
| NC-130017 | IPS-DAQ-NSE | Client-server traffic dropped without ac_atp exception due to missing support for TCP keepalive on decrypted TLS. |
| NC-130365 | IPS-DAQ-NSE | Slower TLS inspected download speed from some servers. |
| NC-128350 | IPsec | Connection can't be established through IPsec remote access VPN using the Sophos Connect client. |
| NC-136651 | IPsec | Charon high CPU for IPSec passthrough traffic. |
| NC-127177 | IPS Engine | IPS logs aren't generated in Log viewer. |
| NC-141315 | IPS Ruleset Management | Check /content for space availability before migration to 21.0. |
| NC-129242 | Logging Framework | Notification plugin reconfiguration failure causes crash in fca_output. |
| NC-136693 | Logging Framework | Bandwidth utilization of interfaces isn't shown on Control center. |
| NC-133375 | Logging Framework, Central Reporting | Garner doesn't send the date to Sophos Central. |
| NC-125112 | NFP-Firewall | RED tunnel becomes unavailable with firewall acceleration on in SFOS 19.5.3. |
| NC-128941 | NFP-Firewall | IPsec tunnel stops carrying traffic when ipsec-acceleration is on. |
| NC-128656 | nSXLd | nSXLD times out when the first two DNS servers configured aren't reachable. |
| NC-115843 | PPPoE | Scheduled PPPoE reconnect doesn't work. |
| NC-128072 | PPPoE | PPPoE message missing formatter mapping in Garner. |
| NC-127663 | RED | When trying to add or remove a RED interface on a bridge, SFOS kernel dumps. |
| NC-130949 | RED | Some RED devices became unavailable after downgrading the firewall firmware from 20.0 to 19.5.3. |
| NC-128539 | Reporting | Unable to start on-box reporting after migration to 20.0 GA. |
| NC-141850 | Reporting | Local reporting doesn't work after firmware upgrade. Reporting dB is available. |
| NC-126363 | SDWAN Routing | Firewall rule sporadically doesn't report matching traffic. |
| NC-127524 | SDWAN Routing | SD-WAN route and default MASQ gets applied on system generated traffic. |
| NC-129618 | Security Heartbeat | Heartbeat service unavailable due to malformed MAC address. |
| NC-137333 | Service Object | Missing services entries on the web admin console after changes were made. |
| NC-128468 | SSL VPN | Unable to generate OVPN file due to missing server_dn in the tblsslvpnglobalconf when custom certificate is used. |
| NC-128469 | SSL VPN | Unable to download the SSL VPN configuration from the user portal for certain AD users. |
| NC-130692 | SSL VPN | Special characters are replaced with encoded values in 20.0 and later versions. |
| NC-130938 | SSL VPN | More certificates in the OVPN file than before upgrade. |
| NC-131180 | SSL VPN | SSL VPN remote access resources become inaccessible. |
| NC-132821 | Static Routing | `Staticd` service stops after the firewall is upgraded to 19.5 MR4. |
| NC-126694 | SupportAccess | Support access doesn't work after the firewall restarts. |
| NC-118925 | UI Framework | Unable to restore backup if the backup file name has the & character in the prefix. |
| NC-124188 | UI Framework | HTTP Host header injection in the user portal. |
| NC-131365 | UI Framework | DNS server IP address in DHCP server configuration changes unexpectedly in the web admin console at times. |
| NC-141325 | Up2Date Client | Savi/Avira pattern file didn't clean up after pattern installation, resulting in less space in content partition. |
| NC-124909 | VFP-Firewall | Firewall restarts automatically. |
| NC-130528 | WAF | Missing parameters in the XML API. |
| NC-130684 | WAF | Unable to update WAF rule after updating the certificate. |
| NC-131782 | WAF | After a second failover, the GeoIP settings in WAF rules are lost. |
| NC-136062 | WAF | Migration failed due to duplicate WAF rule names. |
| NC-140442 | WAF | Let's Encrypt couldn't generate a certificate without WAF subscription. |
| NC-140569 | WAF | Firewall goes into failsafe mode. |
| NC-140619 | WAF | Unable to generate Let's Encrypt certificates. |
| NC-140663 | WAF | Invalid Let's Encrypt configuration leads to the reverse proxy restarting all the time. |
| NC-141062 | WAF | ACME server can't issue a certificate for an IP address. |
| NC-141083 | WAF | Performance issues caused by Let's Encrypt. |