Beschreibung
Neuerungen in SFOS 18 MR 5
VPN-Verbesserungen
- um 50% erhöhte Kapazität für gleichzeitige IPsec-VPN-Tunnel
- Port 443-Sharing zwischen SSL VPN und Web Appliaction Firewall (WAF)
- IPsec-Provisionierungsdatei-Support für Fernzugriff via Sophos Connect v2.1
SD-WAN
- Integration mit Azure Virtual WAN für ein komplettes SD-WAN Overlay Network
Authentifizierung
- Verbesserungen des Formulars zum Erstellen von Certificate Signing Rechests (CSR) und Zertifikaten
- Verbessserte Sicherheit für private Schlüssel
- Upload/Download-Support für Zertifikate im PEM-Format
- Verbesserter Workflow für das Zertifikatsmanagement
Synchronized Security
- Verbesserte Registrierung und Deregistrierung in High-Availability (HA) Installationen
- Verbesserungen zum Reduzieren der Meldungen bei fehlendem Heartbeat für geplante / zu erwartende Änderungen im Endpoint Status
Sophos Central Firewall Reporting
- Neuer Cloud Application (CASB) Report
- MSP Flex Pricing für MSP Partner
Bemerkungen
Betroffene Produktgruppen
Bugfixes
- NC-65239: Authentication SATC users not authenticated sporadically.
- NC-62902: Authentication, Backup-restore Unable to upload backup from 17.5 MR12 to 17.5 MR14.
- NC-66124: Bridge VLAN of bridge interface doesn't follow the ZoneID for device access.
- NC-68732: Central management XG86W_AM01 firewalls are unable to apply configurations received from Sophos Central.
- NC-69835: Central management Unable to import configuration from XG86W.
- NC-69683: CROS to SFOS migration Migration issues from CR to XG Firewall.
- NC-60180: CSC Overrides the specified schedule after failover in active-passive.
- NC-67759: Diagnostics System graph: In Japanese language, memory usage for one month shows one week in the heading.
- NC-67605: Email Unable to turn on DKIM verification.
- NC-65346: Email Unable to see DKIM verification emails on the quarantine page in user portal even with the default setting.
- NC-63436: Email Legacy mode: Unable to delete spam check exception.
- NC-51915: Email Selecting a certificate isn't mandatory in notification settings even when SSL/TLS is selected.
- NC-66977: Firewall Couldn't unload SIP helper in HA mode.
- NC-64917: Firewall Firewall restarts with bridge deployment in HA mode.
- NC-64820: Firewall Awarrenhttp proxy blocks inbound connections on port 443.
- NC-63772: Firewall Policy test for firewall rule doesn't show correct results.
- NC-63612: Firewall Firewall restarts when load balancing DNAT traffic with an FQDN (dynamic IP addresses).
- NC-67274: HA Unable to disable HA when there's an SSL/TLS rule specifying source and destination zones.
- NC-66978: HA HA page doesn't respond after turning on QuickHA.
- NC-53059: HA HA active-active load balancing interrupts remote printing.
- NC-66682: IPS engine After migration from version 17.5 to 18.0, IPS Logs for WAF show the LAN interface IP address as the source IP address instead of the public IP address.
- NC-55213: IPsec IPsec tunnel up or down: Several email notifications are sent when the connection is terminated.
- NC-64309: Network utilities When ping is set to IPv6, it switches to IPv4 on the web admin console, but IPv6 interfaces are shown.
- NC-59619: Policy routing Unable to create policy route when Name has an apostrophe (').
- NC-69693: RED All RED 50 devices disconnect repeatedly.
- NC-68724: RED Changing the configuration on a RED interface disconnects all RED interfaces.
- NC-63136: RED Configuration change on one RED tunnel causes all other RED tunnels to reset.
- NC-64045: RED If RED is configured, the firewall must not allow transparent-split or 3G failover configuration.
- NC-64010: RED Confirmation message states beta firmware instead of unified firmware.
- NC-63179: RED RED interfaces show they are connected to an incorrect IP address.
- NC-70742: Reporting In HA, the newly active XG Firewall device couldn't update information on Sophos Central after changing from passive to active device.
- NC-66437: Reporting No user reporting statistics after firmware upgrade.
- NC-66024: Reporting Blocked web report doesn't appear for October 2020.
- NC-65522: Reporting Time filter shows blank or inaccurrate output in log viewer.
- NC-60391: Reporting Custom logo stretches in executive reports from the 2nd page onwards.
- NC-65148: SNMP SNMP shows incorrect license details.
- NC-64908: SSL VPN SSL VPN disconnects, but status shows it's connected.
- NC-64773: SSLVPN Packet loss and latency occur on SSL VPN when the tunnel connects or disconnects in version 18.0 MR3.
- NC-67364: Static routing Country blocking through firewall rule doesn't work.
- NC-67178: Static routing Country blocking rule blocks URLs.
- NC-62682: Static routing Netherlands appears in two country groups.
- NC-62259: Synchronized Application Control SAC menu doesn't load.
- NC-67365: UI framework Administrator user is unable to sign in to the user portal when the login disclaimer is on in version 18.5 MR4.
- NC-64984: UI framework Page load issue when refreshing the packet capture page with wrap buffer on.
- NC-64758: UI framework Users are signed out of the user portal when they click Install under Configuration for IPsec VPN client for Apple iOS.
- NC-60856: UI framework False positive reported in third-party scan.
- NC-57742: WAF Incorrect WAF rule ID resolution in syslog.log.
- NC-63996: WebInSnort Delay in connecting to an SSL/TLS-protected FTP server.
- NC-66028: WWAN USB doesn't connect after an upgrade from version 17.5 MR12 to 17.5 MR14 or 18.0.
- NRF-447: RED Unable to connect RED 20 to XG Firewall.
- NAF-33: Firmware All SSIDs disappear from the AP, and all connected clients disconnnect.
- NAF-19: Firmware Multiple SSIDs fo AP15 stop broadcasting.