Support-Portal
· Maintenance Release

Sophos Firewall v19 MR1 (Build 365)

Beschreibung

Bemerkungen

Features

VPN und SD-WAN-Verbesserungen

SSL-VPN-Fernverbindungen: Statisches IP-Lease-Mapping für entfernte Benutzer. Dies schließt Radius mit ein.

IPsec-VPN-Verbesserungen: Standardrichtlinien für IKEv2 hinzugefügt. Die Standardeinstellungen wurden ebenfalls aktualisiert, um ein Flattern von UDP-Verbindungen (VoIP, Skype, RDP, Zoom usw.) zu verhindern. Außerdem wurde „vpn conn-remove-tunnel-up“ deaktiviert
und „vpn conn-remove-on-failover“ für die neue Konfiguration aktiviert (beeinflusst jedoch keine vorhandenen Bereitstellungen).

SD-RED: Unterstützung für mehrere DHCP-Server pro RED-Interface

SD-WAN-Profile: Rule-ID und Index-Spalten zur SD-WAN-Profil-Verwaltungsseite hinzugefügt

Weitere Verbesserungen

Anti-Malware-Engine: Auf 64-bit geupgraded. Die sekundäre Engine von Avira erhält keine Updates für die 32-bit-Version beginnend ab dem 31.12.2022. Alle Nutzer der Avira-Engine müssen entweder auf v19 MR1 oder v18.5 MR5 (oder neuer) upgraden.

Synchronized Security: Verbesserte Sophos Central Firewall Management-Beständigkeit in Umgebungen mit mehreren tausend Endpoint-Zertifikaten in Benutzung mit Synchronized Security Heartbeat

Email: Option zum Melden von False Positives für Spam Email in Email-Quarantäne hinzugefügt

Sophos Assistant: Opt-Out-Option für Sophos Assistant hinzugefügt

Betroffene Produktgruppen

Bugfixes

  • NC-100971: IPsec Migration from 19.0 GA to 19.0 MR1 fails.
  • NC-100737: Wireless Inbound traffic for hosts connected on Wi-Fi SSID on Separate zone is dropped by firewall rule ID 0, and outbound traffic may experience slowness.
  • NC-94019: Wireless Inbound traffic for hosts connected on Wi-Fi SSID on Separate zone is dropped by firewall rule ID 0, and outbound traffic may experience slowness.
  • NC-100681: IPS Engine Increase in snort memory with ATP pattern updates.
  • NC-100679: CDB-CFR, Reporting Conf partition usage increases for the primary HA device.
  • NC-81131: Reporting Last access time isn't generated if a user's username has an XSS payload.
  • NC-94337: Reporting Migration failure to 19.0 GA when SSL/TLS inspection's log retention period isn't set to the default value.
  • NC-94291: Firmware Management Small var partition created for VM image using an auxiliary disk.
  • NC-94253: Licensing Can't upload airgap license file. Error message: "Certification verification failed. Invalid license file."
  • NC-93919: SSL VPN SecurityHeartbeat_over_VPN is removed from SSL VPN policy after updating SSL VPN global settings.
  • NC-93720: SecurityHeartbeat Auxiliary device isn't synchronized with the primary HA device for delay-missing-heartbeat-detection.
  • NC-93689: Up2Date Client Cosmetic issue with SASI pattern after firmware downgrade.
  • NC-93380: Email Anti-spam doesn't work after an upgrade to SFOS 18.5 MR3.
  • NC-92840: Email Email isn't received and shows the error message: smtp_check_forward_reply: response arrived without any command.
  • NC-92745: DNS Appliance restarts with kdump: stack guard page was hit.
  • NC-92131: IPS-DAQ-NSE Unable to upload a large file with SSL/TLS inspection enabled in do-not-decrypt mode.
  • NC-91300: XGS BSP npu_version (among other things) missing from telemeter. Large number of missing entries.
  • NC-91295: Firewall Zones tab shows up blank after deleting a zone listed on the second page.
  • NC-90839: RED RED interface disappears during a change to the DHCP server configuration.
  • NC-90702: Email SASI detection problems when too many hits are returned.
  • NC-90684: Wireless Multiple APX 320s don't register with XG Firewall. They don't appear on the pending list.
  • NC-90566: NFP-Firewall Traffic doesn't traverse XGS firewall under a specific configuration.
  • NC-90203: SD-WAN Routing SD-WAN route policy update fails.
  • NC-90024: Firewall Backup restore and firmware migration fails when multiple local ACL rules are configured.
  • NC-89996: Logging Issue with redirection to IPS policy from log viewer.
  • NC-89162: Firewall Auto restart 0010:queued_spin_lock_slowpath+0x148/0x170.
  • NC-89076: Firewall, VFP-Firewall Unable to access the website www.radix.ad.jp on the environment tagged VLAN + DPI configured.
  • NC-88903: Localization German menu is broken.
  • NC-88483: SSL VPN CVE: 2022-0547 openvpn deferred auth vulnerability.
  • NC-88404: IPsec Tunnel doesn't come up automatically after a restart of a HA appliance.
  • NC-88207: Firmware Management Firmware update fails when space is used in filename.
  • NC-87659: Wireless Legacy AP roaming key decryption fails when fast transition is enabled.
  • NC-87596: SSL VPN Site-to-site and remote access SSL VPN isn't working after backup is restored.
  • NC-87240: Email Avira engine error with axpx files.
  • NC-86819: Firmware Management, Licensing AWS instance stuck while starting it.
  • NC-86690: SD-WAN Routing SD-WAN FTP proxy traffic isn't working with transparent proxy.
  • NC-86652: SD-WAN Routing TFTP traffic doesn't follow SD-WAN routing.
  • NC-86451: IPS-DAQ-NSE Unable to access web server through XG Firewall. SSL/TLS inspection error: Dropped due to TLS internal error.
  • NC-86093: Firewall Duplicate firewall rule group.
  • NC-85547: CaptivePortal Sign-in message and sign-out option don't appear with custom captive portal.
  • NC-85423: SNMP Kernel crash on XG 125 with SNMP high memory consumption.
  • NC-85383: IPsec Unable to connect remote access IPsec due to invalid .scx file.
  • NC-85346: Email Smarthost authentication failed in server_plain authenticator: nsgenc decryption failed.
  • NC-85151: Authentication Firewall moved to a group on Sophos Central gets added to the group but changes to "Error needs attention".
  • NC-84604: Wireless Unable to restore backup from SG 230 to XGS 2300 due to access point database issue.
  • NC-84231: Core Utils Receiving a duplicate copy of the same executive schedule reports.
  • NC-84146: WAF Warning about Subject Alternative Name (SAN) not being part of the domain.
  • NC-84142: Backup-Restore Unable to delete VLAN interface.
  • NC-83734: Firewall Inbound emails are dropped randomly in HA load balancing with SMTP scanning enabled.
  • NC-83469: SSL VPN Dashboard doesn't show the remote users.
  • NC-83445: IPsec Constant IPsec VPN flapping. Pushed through Central SD-WAN orchestration.
  • NC-83419: Email Inbound emails aren't delivered when SMTP scanning is enabled.
  • NC-83405: Core Utils Inconsistency with Security Audit Reports (SAR).
  • NC-83114: Authentication Web authentication doesn't work in HA mode when the auxiliary node is restarting.
  • NC-82972: CSC Appliance in active-active HA mode stopped responding.
  • NC-82225: HA Unable to establish HA correctly on fiber ports.
  • NC-81944: IPsec WWAN isn't connecting after a random disconnect event if XFRM interface is created on WWAN.
  • NC-81939: Firewall The firewall isn't reflecting daylight savings time correctly.
  • NC-81430: CM and UI Framework User portal host injection reported.
  • NC-81207: IPsec Web admin console shows an error while updating the configuration of any VPN tunnel.
  • NC-81131: Reporting Last access time isn't generated when a user exists with the username having XSS payload.
  • NC-80305: Certificates Though CA isn't available on the pfx file, CA upload opcode is called.
  • NC-79359: IPsec Using AES256GMAC can show invalid configuration in IPsec profiles.
  • NC-79319: IPsec Clarification required on the web admin console for remote access IPsec.
  • NC-79128: IPsec Memory increase to 90 percent over 20-25 days.
  • NC-76071: RED XGS-2100: Interface doesn't have any IP address when backup is restored.
  • NRF-517: RED SD-RED 60: LAN switch VLAN configuration is lost after some time.
  • NRF-509: Firmware AP doesn't register through the RED 15w tunnel.