Beschreibung
Bemerkungen
Features
VPN und SD-WAN-Verbesserungen
SSL-VPN-Fernverbindungen: Statisches IP-Lease-Mapping für entfernte Benutzer. Dies schließt Radius mit ein.
IPsec-VPN-Verbesserungen: Standardrichtlinien für IKEv2 hinzugefügt. Die Standardeinstellungen wurden ebenfalls aktualisiert, um ein Flattern von UDP-Verbindungen (VoIP, Skype, RDP, Zoom usw.) zu verhindern. Außerdem wurde „vpn conn-remove-tunnel-up“ deaktiviert
und „vpn conn-remove-on-failover“ für die neue Konfiguration aktiviert (beeinflusst jedoch keine vorhandenen Bereitstellungen).
SD-RED: Unterstützung für mehrere DHCP-Server pro RED-Interface
SD-WAN-Profile: Rule-ID und Index-Spalten zur SD-WAN-Profil-Verwaltungsseite hinzugefügt
Weitere Verbesserungen
Anti-Malware-Engine: Auf 64-bit geupgraded. Die sekundäre Engine von Avira erhält keine Updates für die 32-bit-Version beginnend ab dem 31.12.2022. Alle Nutzer der Avira-Engine müssen entweder auf v19 MR1 oder v18.5 MR5 (oder neuer) upgraden.
Synchronized Security: Verbesserte Sophos Central Firewall Management-Beständigkeit in Umgebungen mit mehreren tausend Endpoint-Zertifikaten in Benutzung mit Synchronized Security Heartbeat
Email: Option zum Melden von False Positives für Spam Email in Email-Quarantäne hinzugefügt
Sophos Assistant: Opt-Out-Option für Sophos Assistant hinzugefügt
Betroffene Produktgruppen
Bugfixes
- NC-100971: IPsec Migration from 19.0 GA to 19.0 MR1 fails.
- NC-100737: Wireless Inbound traffic for hosts connected on Wi-Fi SSID on Separate zone is dropped by firewall rule ID 0, and outbound traffic may experience slowness.
- NC-94019: Wireless Inbound traffic for hosts connected on Wi-Fi SSID on Separate zone is dropped by firewall rule ID 0, and outbound traffic may experience slowness.
- NC-100681: IPS Engine Increase in snort memory with ATP pattern updates.
- NC-100679: CDB-CFR, Reporting Conf partition usage increases for the primary HA device.
- NC-81131: Reporting Last access time isn't generated if a user's username has an XSS payload.
- NC-94337: Reporting Migration failure to 19.0 GA when SSL/TLS inspection's log retention period isn't set to the default value.
- NC-94291: Firmware Management Small var partition created for VM image using an auxiliary disk.
- NC-94253: Licensing Can't upload airgap license file. Error message: "Certification verification failed. Invalid license file."
- NC-93919: SSL VPN SecurityHeartbeat_over_VPN is removed from SSL VPN policy after updating SSL VPN global settings.
- NC-93720: SecurityHeartbeat Auxiliary device isn't synchronized with the primary HA device for delay-missing-heartbeat-detection.
- NC-93689: Up2Date Client Cosmetic issue with SASI pattern after firmware downgrade.
- NC-93380: Email Anti-spam doesn't work after an upgrade to SFOS 18.5 MR3.
- NC-92840: Email Email isn't received and shows the error message: smtp_check_forward_reply: response arrived without any command.
- NC-92745: DNS Appliance restarts with kdump: stack guard page was hit.
- NC-92131: IPS-DAQ-NSE Unable to upload a large file with SSL/TLS inspection enabled in do-not-decrypt mode.
- NC-91300: XGS BSP npu_version (among other things) missing from telemeter. Large number of missing entries.
- NC-91295: Firewall Zones tab shows up blank after deleting a zone listed on the second page.
- NC-90839: RED RED interface disappears during a change to the DHCP server configuration.
- NC-90702: Email SASI detection problems when too many hits are returned.
- NC-90684: Wireless Multiple APX 320s don't register with XG Firewall. They don't appear on the pending list.
- NC-90566: NFP-Firewall Traffic doesn't traverse XGS firewall under a specific configuration.
- NC-90203: SD-WAN Routing SD-WAN route policy update fails.
- NC-90024: Firewall Backup restore and firmware migration fails when multiple local ACL rules are configured.
- NC-89996: Logging Issue with redirection to IPS policy from log viewer.
- NC-89162: Firewall Auto restart 0010:queued_spin_lock_slowpath+0x148/0x170.
- NC-89076: Firewall, VFP-Firewall Unable to access the website www.radix.ad.jp on the environment tagged VLAN + DPI configured.
- NC-88903: Localization German menu is broken.
- NC-88483: SSL VPN CVE: 2022-0547 openvpn deferred auth vulnerability.
- NC-88404: IPsec Tunnel doesn't come up automatically after a restart of a HA appliance.
- NC-88207: Firmware Management Firmware update fails when space is used in filename.
- NC-87659: Wireless Legacy AP roaming key decryption fails when fast transition is enabled.
- NC-87596: SSL VPN Site-to-site and remote access SSL VPN isn't working after backup is restored.
- NC-87240: Email Avira engine error with axpx files.
- NC-86819: Firmware Management, Licensing AWS instance stuck while starting it.
- NC-86690: SD-WAN Routing SD-WAN FTP proxy traffic isn't working with transparent proxy.
- NC-86652: SD-WAN Routing TFTP traffic doesn't follow SD-WAN routing.
- NC-86451: IPS-DAQ-NSE Unable to access web server through XG Firewall. SSL/TLS inspection error: Dropped due to TLS internal error.
- NC-86093: Firewall Duplicate firewall rule group.
- NC-85547: CaptivePortal Sign-in message and sign-out option don't appear with custom captive portal.
- NC-85423: SNMP Kernel crash on XG 125 with SNMP high memory consumption.
- NC-85383: IPsec Unable to connect remote access IPsec due to invalid .scx file.
- NC-85346: Email Smarthost authentication failed in server_plain authenticator: nsgenc decryption failed.
- NC-85151: Authentication Firewall moved to a group on Sophos Central gets added to the group but changes to "Error needs attention".
- NC-84604: Wireless Unable to restore backup from SG 230 to XGS 2300 due to access point database issue.
- NC-84231: Core Utils Receiving a duplicate copy of the same executive schedule reports.
- NC-84146: WAF Warning about Subject Alternative Name (SAN) not being part of the domain.
- NC-84142: Backup-Restore Unable to delete VLAN interface.
- NC-83734: Firewall Inbound emails are dropped randomly in HA load balancing with SMTP scanning enabled.
- NC-83469: SSL VPN Dashboard doesn't show the remote users.
- NC-83445: IPsec Constant IPsec VPN flapping. Pushed through Central SD-WAN orchestration.
- NC-83419: Email Inbound emails aren't delivered when SMTP scanning is enabled.
- NC-83405: Core Utils Inconsistency with Security Audit Reports (SAR).
- NC-83114: Authentication Web authentication doesn't work in HA mode when the auxiliary node is restarting.
- NC-82972: CSC Appliance in active-active HA mode stopped responding.
- NC-82225: HA Unable to establish HA correctly on fiber ports.
- NC-81944: IPsec WWAN isn't connecting after a random disconnect event if XFRM interface is created on WWAN.
- NC-81939: Firewall The firewall isn't reflecting daylight savings time correctly.
- NC-81430: CM and UI Framework User portal host injection reported.
- NC-81207: IPsec Web admin console shows an error while updating the configuration of any VPN tunnel.
- NC-81131: Reporting Last access time isn't generated when a user exists with the username having XSS payload.
- NC-80305: Certificates Though CA isn't available on the pfx file, CA upload opcode is called.
- NC-79359: IPsec Using AES256GMAC can show invalid configuration in IPsec profiles.
- NC-79319: IPsec Clarification required on the web admin console for remote access IPsec.
- NC-79128: IPsec Memory increase to 90 percent over 20-25 days.
- NC-76071: RED XGS-2100: Interface doesn't have any IP address when backup is restored.
- NRF-517: RED SD-RED 60: LAN switch VLAN configuration is lost after some time.
- NRF-509: Firmware AP doesn't register through the RED 15w tunnel.