Support-Portal
· Maintenance Release

SFOS 16.05.3 MR3

Beschreibung

Bemerkungen

Das Update ist von SFOS 16.05 MR2 Installationen verfügbar.

Das Release ist über das MySophos Portal für alle SFOS Versionen verfügbar.

Aus Sicherheitsgründen wurden TLSv1.0 und TLSv1.1 bereits in SF 16.05 MR2 deaktiviert.

Leider fährt Internet Explorer 11 nicht mit dem SSL Handshake fort, wenn lediglich TLSv1.2 auf dem Server aktiviert ist und wenn MD5 als Hashing Algorithmus verwendet wird. Neu generieren des Appliance Zertifikats, das für den WebAdmin, das User Portal und das Captive Portal verwendet wird, sorgt dafür, dass es wieder funktioniert.

Wenn sie das Appliance Zertifikat in SSL VPN verwenden, dann ist es notwendig die Konfiguration neu herunterzuladen.

Betroffene Produktgruppen

Bugfixes

  • NC-11178: [Access] Support Access Tunnel: JSON error at initialization
  • NC-15761: [Access] FQDN in configuration of AD Backend server is not working when using NTLM
  • NC-15881: [Access] Live user count shown in UI is wrong
  • NC-16818: [Access] Not able to download authentication clients from user portal
  • NC-16207 : [Authentication] STAS users are not shown in live users view after HA failover
  • NC-16230: [Authentication] LDAP authentication with cyrillic user names doesn't work
  • NC-16899: [Authentication] STAS: Canceling "Add New Collector" doesn't reset the form
  • NC-16903: [Authentication] STAS: Missing green confirmation / message box when deleting a collector
  • NC-17034: [Authentication] Missing client type for edirectory in webconsole live user view
  • NC-17079: [Authentication] AD group import wizard fails with IPv6 address
  • NC-17339: [Base System, Hotspot] Hotspot with voucher and full customization can't be created
  • NC-11881: [Base System] Missing validation for threat exception in ATP protection
  • NC-15326: [Base System] Column filter is not working for all labels at sandstorm log viewer
  • NC-16902: [Base System] UI is not accessible when system host name contains "_"
  • NC-16727: [Firewall, FirewallDatapath] Port self test reboots appliance
  • NC-11908: [Firewall] Improve IPv4 and IPv6 validation
  • NC-12130: [Firewall] Memory Crunch: TCP out of memory
  • NC-13664: [Firewall] DNAT rule using email servers template is not working with multiple gateways
  • NC-15348: [Firewall] Appliance hangs when applying FQDN group which contains more then 600 FQDN hosts in firewall rule
  • NC-8928: [Firewall] Import-Export for Business Application Rule (Email Clients) not working with route through gateway configuration
  • NC-16808: [Galileo Heartbeat] Traffic will be blocked from red endpoints, even if heartbeat has been turned off
  • NC-17032: [Galileo Heartbeat] Delete firewall on cloud does not remove certs/db on firewall
  • NC-16002: [Hotspot] Zone changes are not saved in hotspot auto firewall rule
  • NC-16177: [Hotspot] Full customized login page doesn't work properly if filename is "default_style.css"
  • NC-14404: [IPS] Internet not working due to IPS(pkt_container)
  • NC-15866: [IPS] Evasion - US Mobile Xput failure and UTF-32
  • NC-15867: [IPS] Evasion - RDP Dos 1 byte evasion
  • NC-16029: [IPS] Remove debug log line from snort - dcerpc2: dce2_co.c(1886) Could not create DCE/RPC frag reassembled packet
  • NC-16234: [IPS] Evasion - TCP evasion bypass with malformed iframe and ie peer baseline
  • NC-16258: [IPS] Default general-ips-policy should attach all the "categorized" IPS rules to the policy
  • NC-16335: [IPS] IPS category, platform and target are changed in log viewer after signature upgrade
  • NC-16375: [IPS] Evasion - TCP evasion bypass for RPC baselines
  • NC-16456: [IPS] Evasion - URL fake param evasion bypass for phf baseline
  • NC-16458: [IPS] Decompress PDF & SWF file before scanning
  • NC-16534: [IPS] Evasion - Canvas level 2 to 10 bypass with NSS baseline CVE-2008-4250
  • NC-16550: [IPS] Issue with web surfing while ATP is enabled
  • NC-16655: [IPS] Enable snort http_inspect pre-processor options by default
  • NC-16747: [IPS] CLI command shows incorrect failclose status
  • NC-16876: [IPS] Evasion - URL directory insertion attack bypass when testing with Evader
  • NC-16982: [IPS] SNMP agent port is wrong
  • NC-14241: [Mail Proxy] Unable to send notifications via external mail server
  • NC-14948: [Mail Proxy] Sandbox pending/err mails are not released from sandstorm activity page on auxiliary node
  • NC-16013: [Mail Proxy] Display issue with iso-8859-1 and umlauts
  • NC-16285: [Mail Proxy] "Assertion" found in awarrensmtp log when sending to hotmail.com
  • NC-16549: [Mail Proxy] Certificate issue when POPs/IMAPs are used
  • NC-16608: [Mail Proxy] File is not blocked/filtered by MTA if file name contains i18n characters
  • NC-15941: [Network Services] Preferred IP gets blank for type PPPoE when editing VLAN
  • NC-16359: [Network Services] Auto Negotiation display issue with 4 Port 10Gb SFP+ module
  • NC-16490: [Network Services] Allow to set the same values for preferred lifetime and valid lifetime (IPv6 SLAAC)
  • NC-16635 : [Network Services] Unable to add Gateway Host if japanese language is used<br />
  • NC-16962: [Network Services] NAT policy not applied except MASQ in WAN Link Manager in Japanese language
  • NC-11784: [Networking] VLAN on RED Interface not exported via Import-Export
  • NC-13471: [Networking] API import fail for LAG with VLAN interface configuration
  • NC-13490: [Networking] Bridge interface import is failing using import-export
  • NC-16126: [Networking] Unable to update WAN interface when GRE tunnel is configured on it
  • NC-16537: [Networking] Detail button on interface page not working for LAG interface when LAG is part of bridge interface
  • NC-16538: [Networking] Unable to change gw IP from WAN link manager page for DHCPv6 only interface
  • NC-16597: [Networking] VM: Error on console and GUI when Network>>Interface is updated
  • NC-17343: [Networking] Not able update VLAN interface in specific condition
  • NC-17085: [RED] RED service continuously restarts on HA(AP) after migration if branch name contains i18n characters
  • NC-4648: [RED] Handle disconnect logging correctly when RED gets deleted
  • NC-4832: [RED] Interface graph for RED interface is not shown in system interface graphs
  • NC-14554: [Reporting] Report notification email does not contain pdf attachment for non-english languages
  • NC-14912: [Reporting] Spelling errors in language file common.js
  • NC-15196: [Reporting] Sandstorm: inline graphs for detail reports are not properly aligned
  • NC-15786: [Reporting] Actual time should be displayed for events in detail reports
  • NC-16772: [Reporting] Paging does not work for interfaces in Executive Report
  • NC-16966: [Reporting] Detailed reports are not available for Sandstorm-Mail module
  • NC-16992: [Reporting] Sandstorm records disappear after some time
  • NC-17066: [Reporting] When traditional Chinese name is used for scheduled reports, pdf attachment is missing
  • NC-17244: [Reporting] Mail Application displayed as unknown number like 11 and 12 instead of SMTP & POP3
  • NC-17336: [Reporting] Records for Custom Mail Reports (Mail Usage, Spam & Virus) are not displayed
  • NC-16216: [Routing] Interface gets blank on editing unicast route
  • NC-16279: [Routing] Policy Route API validation issue with IP family and dscpmarking
  • NC-17247: [Routing] RED interface route is removed from back-end during HA migration
  • NC-10244: [SSLVPN] Guest user in Policy Members - Remote Access Policy 'vpn_remote' could not be updated
  • NC-11706: [SSLVPN] SSLVPN s2s fail to clone the status of the VPN
  • NC-16049: [SSLVPN] SSL VPN Connection status does not change via CCL revert
  • NC-16332: [SSLVPN] NullPointerException in tomcat when editing an AD user who is part of multiple groups and SSLVPN policies
  • NC-4888: [SSLVPN] Unable to update SSL settings in some conditions
  • NC-14670: [VPN] Prevent export of connections when remote certificate is set to external certificate
  • NC-16249: [VPN] Viewing connection detail for IPSec tunnel makes UI hang when Chinese characters are used in local/remote host configuration
  • NC-15202: [WAF] Can't disable "Rewrite cookies" if "Rewrite HTML" is enabled
  • NC-11515: [Web] Set default value for max scan size dependent on hardware type
  • NC-14247: [Web] API export problem leads to import fail
  • NC-14476: [Web] Uploading files larger 200MB via WebDAV fails
  • NC-14838: [Web] Awarrenhttp service using 99% CPU
  • NC-15206: [Web] Guest Portal doesn't display correctly
  • NC-15211: [Web] UI incorrectly saves the flags for max download size, google apps and youtube for schools
  • NC-15318: [Web] Dead end on Protection page for admin with read only permissions
  • NC-15568: [Web] Disable relay_invalid_http_traffic option for new installations
  • NC-5013: [Web] Improve handling of backslash and quotes in security policy name
  • NC-12020: [Wireless] AP removed after migration from CR to SF on CR25wING-6P
  • NC-13267: [Wireless] Some of the WPA2-PSK profiles are shown as "unknown" security in the rogue scan
  • NC-15929: [Wireless] The last transmission rate remains at 1 Mb/s for 2.4 GHz
  • NC-16288: [Wireless] Mesh doesn't work with AP100X
  • NC-16749: [Wireless] Hostapd fails to start after migrating from SF 16.01.2
  • NC-16915: [Wireless] Static channel configuration is not working in 5GHZ band (125w/135w - 802.11ac)
  • NC-4575: [Wireless] Created Bridge to AP LAN wireless network not able to edit from client type
  • NC-6194: [Wireless] DHCP service dies in AUX due to separate zone interface unbound while HA disable