Support-Portal
· Maintenance Release

Sophos Firewall 19.5 MR3 (empfohlene Version) grade

Beschreibung

Bemerkungen

Features

ZTNA Gateway

Diese Version unterstützt die kommende Integration des Sophos ZTNA Gateways in die Firewall. Dadurch vereinfacht sich das Deployment von ZTNA. ZTNA ist eine einfache und sichere Möglichkeit für Remote-Mitarbeiter, auf Systeme oder Anwendungen hinter der Firewall zuzugreifen. Mit dem integrierten ZTNA-Gateway in der Sophos Firewall müssen Sie keine zusätzlichen Anwendungen in Ihrem Netzwerk bereitstellen, um den sicheren ZTNA-Zugriff zu unterstützen.
Die neue ZTNA-Gateway-Funktion wird im September 2023 als Teil von Sophos ZTNA in Sophos Central im Early Access bereitgestellt.

Neue SSD-Firmware

Aktualisierte SSD-Firmware ist für ausgewählte SSD-Modelle in den folgenden 1U-Appliances verfügbar: XGS 2100, 2300, 3100, 3300 und 4300 Die neue Firmware optimiert Leistung und Zuverlässigkeit.

Betroffene Produktgruppen

Bugfixes

  • NC-120519: CM Disabling Central Management doesn't work per the firewall's API document.
  • NC-120138: Email Excessively strict validation for email message ID.
  • NC-119898: IPsec XFRM tunnel remains disabled when both site-to-site and route-based VPN are simultaneously up on the same local remote gateway pair.
  • NC-119825: Certificates Unable to download Default certificate from Web > General settings. Signs out the administrator when they click the download button.
  • NC-119560: Authentication Wizard 19.5 MR2 mandatory firmware update causes the initial setup to start repeatedly.
  • NC-119525 : Hotspot Valid until time on Hotspot sign-in shows time in UTC instead of Local system time.
  • NC-119374: WAF Error 404 on Authentication page after upgrading the firmware from 19.5.1 to 19.5.2
  • NC-119198: CM Unable to change administrator user account's password from Sophos Central Firewall Management.
  • NC-119183: Authentication Transaction failure in eDirectory authentication server.
  • NC-119047: IPsec SSL/TLS inspection isn't working for VPN users.
  • NC-118749: CM Specific API call doesn't seem to be working.
  • NC-118671: SSLVPN Android/IOS users aren't able to import SSL VPN ovpn file.
  • NC-118601: UI Framework The file ".eslintignore" is accessible from the UI.
  • NC-118204: Firewall, SDWAN Routing Static multicast packet changes reply destination when SD-WAN route is applied.
  • NC-117786: Reporting Security Audit Report score data differs between what is seen on the firewall versus what is received through email.
  • NC-117680: SecurityHeartbeat IPSET hb_green entry removed without cause.
  • NC-117675: Gateway Management DGD service stopped after power failure and didn't restart.
  • NC-117314: Core Utils SWAP memory usage is full.
  • NC-117243: RED Need to disable DHE cipher support for RED.
  • NC-117063 : Firewall Allowed child connection is logged as dropped.
  • NC-116939: Firewall Pktcapd bpf filter causing auxiliary to restart.
  • NC-116899: Email Attachment going through, although it should be blocked based on extension/MIME.
  • NC-116890: Firewall NAT rule isn't getting marked after the firewall restarts
  • NC-116881: Authentication Uploading certificate file to the web admin console, when signed in through Azure AD SSO, results in sign-out.
  • NC-116880: Authentication SSH keys disappear when administrator has two-factor authentication enabled and added after sign-in using an administrator other than the default admin.
  • NC-116845: Email Occasional UT error in mailpoller.
  • NC-116602: Authentication Log viewer doesn't show source IP address for SSL VPN users with authentication failure.
  • NC-116531: SecurityHeartbeat Can't access resources for some time when heartbeat is configured.
  • NC-116527: Firewall Entities.xml shows additional firewall rule that isn't visible on the web admin console.
  • NC-116314: Interface Management Unable to delete or make changes to bridge interface.
  • NC-116312: CM Garner thread stuck in Central Management plugin.
  • NC-115982: CM Alert in Sophos Central: "Firewall has not checked in with Sophos Central for the past 5 minutes".
  • NC-115360: nSXLd Policy deleted from Sophos Central continues to appear in the firewall.
  • NC-114950: Authentication Unable to view usage with username "do'reilly" and web admin console stops responding.
  • NC-114930: Web AVD stops responding after pattern update because one thread doesn't release.
  • NC-114872: IPS-DAQ Certificate-based authentication failing to server with small RX win.
  • NC-114652: Logging Framework (Central Reporting) After 7200 files, sending files to Sophos Central stops with an error.
  • NC-114292: Static Routing Static routes stopped working after upgrading to 19.5 GA due to Netlink error.
  • NC-113458: Email MIME type recognition issues when Zero-day protection is turned on.
  • NC-113038: Email Mail communication stopped working after upgrading to 19.5 GA.
  • NC-113034: Hardware Lost device access to XGS appliances and logs aren't available.
  • NC-112136: Firewall RED connection interruption when firewall acceleration is turned on in XG 310.
  • NC-111476: FQDN Subdomain learning isn't working when non-SFOS DNS server is set for the client.
  • NC-111441: SSLVPN Remote access SSL VPN isn't working after upgrading to 19.0 MR1.
  • NC-111110: SDWAN Routing Import-export doesn't reflect changes in SD-WAN profiles.
  • NC-110927: Authentication Missing MFA enable-disable event logs.
  • NC-109626: HA Standalone HA device restarts. Too many open files.
  • NC-109625 : Email Inbound emails from specific domains are quarantined because of DKIM verification failure.
  • NC-109623: Dynamic Routing (BGP) BGP - FRR doesn't advertise the configured networks if they aren't available in the routing table.
  • NC-109201: Firewall Device goes into failsafe mode after firmware upgrade to 19.0.1. Unable to apply firewall framework.
  • NC-108562: Core Utils Public key authentication for administrator can't be managed through Sophos Central.
  • NC-108450: Email Inbound emails with attachments aren't delivered because of malware scan failure.
  • NC-108378 : Clientless Access Clientless access doesn't work if the name contains an umlaut character.
  • NC-108003: NFP-Firewall Memory utilization increases until the firewall stops responding.
  • NC-107975: Logging Framework Logging stopped on the device with the error database disk image is malformed.
  • NC-107708: Firewall Firewall restarts automatically. RIP: 0010:muser_match+0x747
  • NC-107481: Authentication Log viewer doesn't show source IP address for authenticated SSL VPN users.
  • NC-107329: IPS-DAQ Snort shows high CPU usage. Low bandwidth experienced.
  • NC-107325: VFP-Firewall Firewall becomes inaccessible.
  • NC-107178: SecurityHeartbeat Clarification required for license enforcement message in 19.0 MR1 and later.
  • NC-107042: IPsec IPsec VPN path MTU-related connection issues with IPsec acceleration.
  • NC-106738 : Hotspot Sort functionality doesn't work properly in the user portal for hotspot vouchers.
  • NC-102256: Clientless Access Clientless VPN bookmark for RDP stops intermittently. Signs out the user.
  • NC-101163: Wireless After an update, separate zone SSID "ageing_time" parameter is reset to 0.
  • NC-94533: Certificates Attribute challenge password prevents issuing a certificate with No-IP.
  • NC-85114: Firmware Management "kworker" process taking high CPU continuously on XG 450.