
Sophos Connect Migration script from UTM SSLVPN


Hi all,

This is a very early beta of a script that does the following:

– Takes a backup of the old ovpn config from SG UTM SSLVPN

– Removes old SG UTM client

– Installs Sophos Connect

– Imports the old config into Sophos Connect so user can still connect to UTM

– Installs a provisioning file for the coming Sophos Firewall, so migration should be easier 🙂

I have tested it all and it works well so far, but do not deploy it in production before testing it thoroughly 🙂

Batch script:


@echo off
REM Only run on machines that still have the old SG UTM SSL VPN client installed
IF NOT EXIST "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\uninstall.exe" goto :eof
REM Remove the old client
REM Kill running programs, preventing uninstall
taskkill /im openvpn* /F
timeout 2
REM Backup the OVPN config file
rem rmdir "c:\!vpn" /s /q
mkdir c:\!vpn
copy "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config\*.ovpn" c:\!vpn\
REM Use uninstaller to remove the client (silent)
cd "\Program Files (x86)\Sophos\Sophos SSL VPN Client"
Uninstall.exe /S
timeout 10
REM Do folder cleanup - if not, Sophos Connect refuses to install
cd \
rmdir "c:\Program Files (x86)\Sophos\Sophos SSL VPN Client" /s /q

REM Install Sophos Connect only if it is not already present (32-bit and 64-bit paths)
SET Sophos_Connect=Sophos\Connect\scvpn
IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
IF NOT EXIST "%ProgramFiles(x86)%\%Sophos_Connect%" GOTO INSTALL
exit /b 0
:X86_PROG
IF NOT EXIST "%ProgramFiles%\%Sophos_Connect%" GOTO INSTALL
exit /b 0
:INSTALL
msiexec.exe /i "\\server\share\SophosConnect.msi" /QN
timeout 5
REM Deploying SSLVPN provisioning file - user must connect once with the client to fetch their profile when SF is in place.
REM Userportal on SF must be accessible and with a valid certificate!
copy /Y "\\server\share\xgsslvpn.pro" "C:\Program Files (x86)\Sophos\Connect\Import\"
REM Deploying old SSLVPN for UTM
copy /Y "c:\!vpn\*.ovpn" "C:\Program Files (x86)\Sophos\Connect\Import\"
REM Start Gui - tray icon.
start "" "C:\Program Files (x86)\Sophos\Connect\GUI\scgui.exe"
exit /b 0


Sample Provisioning file:

 


[
{
"gateway": "fw01.domain.dk",
"user_portal_port": 4445,
"otp": false,
"auto_connect_host": "",
"can_save_credentials": true,
"check_remote_availability": false,
"run_logon_script": false
}
]
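As an added example (not part of the original post and not Sophos' own tooling), here is a small Python check that validates a provisioning file before it is pushed to the Import folder in bulk. The field names and JSON types are assumed from the sample above only; Sophos Connect may accept more keys than these. The typographic-quote check catches the most common copy-paste failure, since JSON requires straight double quotes. The sample input is constructed inline.

```python
import json

# Constructed sample provisioning file, modelled on the one in the post (straight quotes).
SAMPLE_PROFILE = """[
{
"gateway": "fw01.domain.dk",
"user_portal_port": 4445,
"otp": false,
"auto_connect_host": "",
"can_save_credentials": true,
"check_remote_availability": false,
"run_logon_script": false
}
]"""

# Expected JSON type per key. ASSUMPTION: derived from the sample above only;
# Sophos Connect may accept additional keys that are not listed here.
EXPECTED_TYPES = {
    "gateway": str,
    "user_portal_port": int,
    "otp": bool,
    "auto_connect_host": str,
    "can_save_credentials": bool,
    "check_remote_availability": bool,
    "run_logon_script": bool,
}
REQUIRED_KEYS = ("gateway", "user_portal_port")
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"


def validate_profiles(text):
    """Return a list of problems found in a provisioning file; an empty list means it is OK."""
    # Word processors and blog engines turn " into curly quotes, which is not valid JSON.
    if any(ch in text for ch in TYPOGRAPHIC_QUOTES):
        return ["typographic quotes found; JSON requires straight double quotes"]
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(data, list) or not data:
        return ["top level must be a non-empty JSON array of profile objects"]

    problems = []
    for idx, prof in enumerate(data):
        where = f"profile[{idx}]"
        if not isinstance(prof, dict):
            problems.append(f"{where}: must be a JSON object")
            continue
        for key in REQUIRED_KEYS:
            if key not in prof:
                problems.append(f"{where}: missing required key '{key}'")
        for key, val in prof.items():
            want = EXPECTED_TYPES.get(key)
            if want is None:
                problems.append(f"{where}: unknown key '{key}'")
            elif want is int:
                # bool is a subclass of int in Python, so exclude it explicitly
                if isinstance(val, bool) or not isinstance(val, int):
                    problems.append(f"{where}: '{key}' must be an integer")
                elif not 1 <= val <= 65535:
                    problems.append(f"{where}: '{key}' {val} is not a valid TCP port")
            elif not isinstance(val, want):
                problems.append(f"{where}: '{key}' must be of type {want.__name__}")
        gw = prof.get("gateway")
        if isinstance(gw, str) and (not gw.strip() or "/" in gw or any(c.isspace() for c in gw)):
            # the gateway is a bare hostname or IP; no scheme or path belongs here
            problems.append(f"{where}: 'gateway' must be a bare hostname or IP address")
    return problems


if __name__ == "__main__":
    for problem in validate_profiles(SAMPLE_PROFILE) or ["OK"]:
        print(problem)
```

Run it against the .pro file before copying it to the share the script deploys from; a single bad character in that file silently breaks provisioning for every client that imports it.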


Hope you can use this to get moving with Sophos Firewall and SSLVPN 🙂


Sophos Firewall v18.5 MR1 Early Access is Here!


Sophos Firewall v18.5 MR1 Early Access is Here!

Sophos has released early access for v18.5 MR1, read more here

Remember: after 18.5, no AP-model access points are supported, only APX models are!

Here’s a full list of what’s new in v18.5 MR1:

Support for new Central Orchestration Subscription (included in the new Xstream Protection license bundle):

  • Central SD-WAN VPN Orchestration enables easy point-and-click site-to-site VPN orchestration from Sophos Central – automatically configuring the necessary tunnels and firewall access rules for your desired SD-WAN overlay network.
  • Central Firewall Reporting Advanced with 30-days of data retention for full multi-firewall reporting in Sophos Central with access to all pre-packaged reports plus flexible custom report capabilities and the option to save, schedule, or export your reports.
  • Sophos MTR/XDR connector to enable Sophos Firewall intelligence and data to be used as part of our Managed Threat Response 24/7 service, or as part of your self-managed cross-product extended detection and response solution.

A separate community post with the full details on Central Orchestration and how to take advantage of it will be published later today. Keep watching this space.

 

Additional Enhancements:

  • Resolved FragAttack Vulnerabilities recently discovered in the Wi-Fi specification for all internal and add-on Wi-Fi modules for Sophos (XG) Firewall desktop series appliances. All other updates will follow as outlined in this advisory.
  • Enhanced Backup/Restore Support improves backup/restore operations across different models by better mapping the management ports. v18.5 MR1 can also restore backups from v18 MR5 and earlier including any older v17.5 MRs.
  • XGS Series Reset Button enables a long press of the hardware reset button on XGS Series appliances (XGS 116 and higher models) to perform a factory reset to help recover from a bad configuration.
  • VPN Tunnel Logging adds improved logging of VPN tunnel flap events and IPsec IKEv2 rekeying
  • Sophos DDNS (myfirewall.com) will be discontinued and no longer supports new registrations. This is planned from January 31, 2022. Refer to KBA-41764 for more details.

 

Issues Resolved:

  • NC-69584 [Authentication, SSLVPN] The user information displayed for remote users under Monitor & Analyze -> Current activities on Web Admin are not display proper.
  • NC-73734 [Date/Time Zone] Reports showing wrong time zone due to /etc/timezone is not updated during restore
  • NC-73542 [Email] DKIM signing broken in Exim 4.94
  • NC-73665 [Email] Email exception list is empty for source/host if you save and re-open the exception
  • NC-58370 [Firewall] User logout event clears firewall fields in conntrack of connection going through network based rules, results in packet drop
  • NC-66067 [Firewall] Firewall filter for ‘unused’ rules does not work.
  • NC-69495 [Firewall] XG 210 frequently rebooting [skb->sk corruption]
  • NC-69558 [Firewall] XG750 18.0.3.457 crash: tcp_v4_rcv+0xb14/0xbb0
  • NC-70461 [Firewall] IPv6 Host group doesn’t match when a network type host is added in host group
  • NC-71473 [Firewall] PortB4 (not existing) still shows up in custom SNAT on CLI
  • NC-71922 [Firewall] Chitale: XGS6500 auto rebooted
  • NC-72153 [Firewall] VLAN on bridge with fastpath enabled does not pass traffic
  • NC-72494 [Firewall] When multiple packets are sent from the same origin to the same destination at the same time, the first packets always get dropped
  • NC-68595 [HA] Unable to establish HA with Quick Mode
  • NC-72076 [HA] HA sync dir failure resulted in empty directory
  • NC-69937 [Hotspot] Hotspot option device per voucher is inconsistent
  • NC-72311 [Hotspot] Hotspot user logged in when the arp resolution was in incomplete state
  • NC-71126 [Interface Management] XGS 116w EAP3 – IF alias UI timeout error
  • NC-71333 [Policy Routing] Incoming VPN traffic doesn’t follow SDWAN policy
  • NC-71151 [QoS] Unable to edit/add users when traffic shaping policy exist with name “None”
  • NC-71996 [SNMP] SNMPD memory usage keeps increasing
  • NC-73687 [SSLVPN] SSLVPN remote access: push_reply does not include updated permitted lan networks
  • NC-71443 [WAF] WAF license warning even if WAF is subscribed

 

Read it all: Sophos Firewall v18.5 MR1 Early Access is Here! – Release Notes & News – Sophos (XG) Firewall – Sophos Community

New Windows 10 vulnerability allows anyone to get admin privileges


The Windows exploits seem to be rolling out this July!

Yesterday a new Windows Elevation of Privilege Vulnerability was shown to the public 🙁

 

CVE-2021-36934 – Security Update Guide – Microsoft – Windows Elevation of Privilege Vulnerability

New Windows 10 vulnerability allows anyone to get admin privileges (bleepingcomputer.com)


Workarounds

Restrict access to the contents of %windir%\system32\config

  1. Open Command Prompt or Windows PowerShell as an administrator.
  2. Run this command: icacls %windir%\system32\config\*.* /inheritance:e

Delete Volume Shadow Copy Service (VSS) shadow copies

  1. Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config.
  2. Create a new System Restore point (if desired).

Impact of workaround: Deleting shadow copies could impact restore operations, including the ability to restore data with third-party backup applications.

Note: You must restrict access and delete shadow copies to prevent exploitation of this vulnerability.


New installs of 20H2 seem not to be affected, but systems upgraded from a pre-20H2 build to 20H2 have the flaw!

So attackers need physical or remote access to the computer somehow to get this exploit going; whether to wait for the patch or apply the workaround is for each one to decide 🙂

Sophos UTM Manager (SUM): End of Distribution and End-of-Life Announcement


Sophos has today announced the EOD and EOL of Sophos UTM Manager (SUM). It is important to say that this does not apply to the UTM itself, but it sure looks like a big step towards EOL'ing the UTM as well, though they state that is not in the plans, while recommending customers to go for "Sophos Firewall" instead 🙂

So, plan accordingly:

End-of-Support/End-of-Life Pre-Announcement

The planned End-of-Support/End-of-Life (EOL) date for SUM is December 31, 2022.

Lifecycle Milestones:

End-of-Distribution (January 31, 2022): Software installers are no longer available for download from any Sophos site/portal and new installs are no longer possible from the AWS Marketplace.
End-of-Life (EOL) (December 31, 2022): Support for the product ends. Continued use after this date is at the customer's own risk.

Customers currently using SUM can continue to do so until the EOL date. Any usage after that date would be at a customer’s own risk as the product will then no longer be supported.

This announcement does not impact the availability or use of Sophos UTM or the SG Series in any way.

 

Read more about it here:

Sophos UTM Manager: End of Distribution and End-of-Life Announcement

Sophos: End-of-Life (EoL) announcement for Sophos SSL VPN Client


Sophos has today announced the EOL of the Sophos SSL VPN client (the "Traffic Light" client), but there are good migration paths 🙂

Read the statement here:


With the launch of the new and greatly improved Sophos Connect v2 VPN client over a year ago, we are announcing the End-of-Life (EoL) of the old Sophos SSL VPN Client for Windows. The EoL of the old SSL VPN Client will be effective Jan 31, 2022.

Sophos SSL VPN clients will continue to function but new downloads will no longer be available after January 31, 2022. New client installs are encouraged to use Sophos Connect and existing deployments are recommended to migrate as soon as possible.

Sophos Connect v2 is our new and greatly enhanced VPN client that works with both Sophos (XG) Firewall and Sophos (SG) UTM.

You may also wish to take this opportunity to consider migrating to Sophos Zero Trust Network Access (ZTNA) which is a brand new technology and Sophos product that offers much better security, easier management, and a more transparent end-user experience. It’s a much better solution for remote access than VPN and it integrates nicely with Sophos Intercept X.

For assistance in setting up Sophos Connect, please consult these resources:

Sophos Connect Documentation

 

Sophos (XG) Firewall: Configuring remote access SSL VPN with Sophos Connect

 

Sophos (XG) Firewall: Bulk deployment instructions

 

Sophos (SG) UTM: Configuring remote access SSL VPN with Sophos Connect

Sophos Firewall v18.5 MR2 (Build 380) is now available


Sophos has released a big maintenance release for SFW; here are the release notes:

 


Sophos Firewall v18.5 MR2 (Build 380) is now available

Sophos Firewall OS v18.5 MR2 (Build 380) is now available and includes a number of great features enhancements, security and performance optimizations, and field reported fixes.

We encourage all customers to update their firewall to the latest firmware release to take advantage of these new features, ensure their firewall is performing optimally, and is best protected with the latest security enhancements.

What’s New in Sophos Firewall OS v18.5 MR2 (Build 380):

  • FIPS 140-2 Level 1 Validation
    • v18.5 MR2 has been awarded Federal Information Processing Standards Publications (FIPS) 140-2 validation for XGS series hardware and virtual machines based on our latest Cryptographic Module
  • IPsec VPN Enhancements
    • Improved performance with the support for GCM and suite-B ciphers
    • Enhanced idle time-out support for remote access connections – maintaining connections longer
    • Routing optimization using the tunnel interface IP address for route-based IPsec masquerading (MASQ)
  • New Sophos Assistant
    • Provides an interactive guided “helping hand” for important workflows in the product to make it much easier to learn and perform common tasks. Refer to Sophos Assistant for more details.
  • Credential-Free Registration for Sophos Central
    • Greatly streamlines onboarding new firewalls into Sophos Central
  • Authentication Enhancements
    • Improved MFA support for the admin account with alerts and a streamlined setup process.
    • Support for multiple group memberships in Active Directory to show all the groups a user belongs to.
  • Certificate Enhancements
    • Adds new helpful information on certificate authorities, easy identification of locally added certificates that use private keys, and easy downloading of the public part of any certificate.
  • Additional Usability and Feature Enhancements
    • Added new domains for TLS exclusion to optimize TLS performance and the end-user experience
    • Support for Cloudflare as a DDNS service provider
    • Added a new global IPS switch to enable or disable the IPS engine
    • Installation wizard enhancement that bridges only two ports by default
    • Upgraded JQuery version to 3.5.x.
  • Troubleshooting Report Enhancement
    • Improved log file handling, backend report generation, and usability enhancements
  • Issues Resolved 
    • 100+ issues resolved

This release also contains a number of enhancements for XGS Series appliance customers:

  • Xstream Flow Processor Driver update – for XGS Series 4300, 4500, 5500, and 6500 models to optimize performance on these high-end models
  • XGS Series Reimaging – a visual indication of ISO re-imaging complete status is now provided on the LCD display or on the interface LEDs
  • Hardware Reset on XGS 87/107 – enables a long-press of the hardware reset button to now initiate a factory reset

Check out the v18.5 MR2 (Build 380) release notes for full details.

How to get it

As usual, this software update is no charge for all licensed Sophos Firewall devices and should be applied to all supported firewall devices as soon as possible.

It will be rolled out to all connected devices over the coming days. A notification will appear on your local device or Sophos Central management console when the update is available allowing you to schedule the update at your convenience. Otherwise, you can manually download the latest firmware from Licensing Portal and update anytime.

Sophos Firewall OS v18.5 MR2 (Build 380) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later (including the latest v18 MR6) and all previous versions of v18.5. Please refer to the Upgrade information tab in the release notes for more details.

What’s Next:

Sophos Firewall OS v19 with Xstream SD-WAN:

The early access program for SFOS v19 is just around the corner – expected to start in December.  SFOS v19 introduces Xstream SD-WAN with major new enhancements to SD-WAN link performance management and routing, VPN, and networking.  Be sure to watch this space for more news on this exciting release.

Sophos ZTNA as an alternative to remote access VPN:

If you’re interested in a better alternative for remote access, check out our new Zero Trust Network Access product which just started its early access program for the release candidate.  It offers much better security, easier management, and a more transparent end-user experience than remote access VPN.

Sincerely,

Sophos Firewall Product Team


Source: Sophos Firewall v18.5 MR2 (Build 380) is now available – Release Notes & News – Sophos (XG) Firewall – Sophos Community

Sophos Firewall v19 – EAP started :-)


Sophos has opened the EAP for v19, the long-awaited new release of Sophos Firewall; here is what's new:

 

(Remember: Sophos Firewall OS v19 EAP1 (Build 244) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later and all previous versions of v18.5 except the latest v18.5 MR2.)


The early access program for Sophos Firewall OS v19 is kicking off today delivering Xstream SD-WAN capabilities.

Earlier this year, we launched the powerful new XGS Series firewalls with dedicated Xstream Flow Processors to accelerate SD-WAN, SaaS, and cloud traffic.  We then followed that with an extremely easy way to orchestrate complex SD-WAN overlay networks in Sophos Central.  And today, we’re introducing Xstream SD-WAN.

Sophos Firewall OS v19 includes several new and exciting SD-WAN capabilities including SD-WAN profiles with multi-gateway support and performance SLA link selection, as well as performance monitoring tools, SD-WAN logging, and much more.

Xstream FastPath Acceleration of IPsec VPN tunnel traffic will also be part of SFOS v19 and is still being finalized for inclusion in the next EAP phase.

All this adds up to Xstream SD-WAN – delivering extreme new levels of networking flexibility and performance – all integrated into your firewall.

Here are the major enhancements in SFOS v19

SD-WAN

  • SD-WAN Profiles and Advanced Performance SLAs – with multiple gateway support for seamless and efficient re-routing of traffic based on WAN link performance.
  • SD-WAN monitoring – provides graphical real-time and historical monitoring of SD-WAN link performance metrics including latency, jitter, and packet loss.
  • SD-WAN Logging – integrates SD-WAN routing information into log data with a new SD-WAN log viewer module

VPN

  • VPN Management – VPN management has been reorganized and streamlined including new separate main menu items for remote access and site-to-site VPN management as well as many other intuitive changes, a new SSL remote-access setup wizard, and more.
  • VPN Performance – SSL VPN capacity is dramatically improved (up to 5x) thanks to the addition of multi-instance support, and in the next EAP phase, we will be introducing Xstream FastPath acceleration of IPsec VPN tunnel traffic.
  • VPN Operational Enhancements – include a variety of additional changes including custom policy support for IPsec RA, RBVPN, new GCM and Suite-B cipher support for IPsec, and SSL VPN enhancements.
  • VPN Logging – A new log viewer module has been added to assist in monitoring and trouble-shooting VPN connections for both remote-access and site-to-site using SSL or IPsec.
  • AWS VPC Import – You can now import your VPC configuration XML file from AWS to streamline the tunnel setup on your Sophos Firewall.

Other Enhancements

  • Web Protection – Per-connection authentication for multiple users on the same source IP address, enforcement of tenant restrictions for O365, and X-Forwarded-For Header support for up-stream load balancers and proxies.
  • System and Object Search – New search capabilities to quickly and easily find screens or features in the product, as well as enhanced object search when building firewall, NAT, TLS or routing rules that allows free text searching for any object in the system.
  • Performance, Protection, and Usability Enhancements – including scalable authentication performance (in high user-count environments), Synchronized Security enhancements for lateral movement protection, Flow Monitor interface enhancements, MFA enhancements, and log aggregation and suppression.

Check out the detailed PDF list of What’s New in the SFOS v19 Early Access Program.

Watch brief demo videos for many of the new features:

Of course, SFOS v19 also includes all the other great enhancements in SFOS v18.5 MR2 which will be popping up in your consoles as an update any day now.

Getting Started and Providing Feedback

Sophos Firewall OS v19 EAP1 (Build 244) is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later and all previous versions of v18.5 except the latest v18.5 MR2.

Please visit the SFOS v19 EAP Registration Page to get started.

Once you’re up and running, please provide feedback through your Sophos Firewall’s feedback mechanism (top right of every screen on your Firewall).  Also visit our EAP Community Forums to share your experience with others.

Note: Please do not call Sophos Support for issues related to the EAP. Troubleshooting and support for all EAP versions is handled solely through the online Sophos Community EAP Forums.

Please be on the lookout for brief email surveys over the course of the EAP.  These can be extremely helpful in shaping the release, and don’t worry, we value your time and will ensure they won’t take long to complete.


Source:

Sophos Firewall v19 – Xstream SD-WAN – Announcements – SFOS v19 Early Access Program – Sophos Community

LogJam: Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway (87081)


The new Log4j (LogJam) exploits target many systems. One with a severe need for patching is VMware, but at the time of writing there is no patch available yet; it is being worked on. A workaround has been posted, though, and here is how to fix the various versions of vCenter Server:


Source (please use the link, as the article is updated often!):

Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway (87081) (vmware.com)

 

 

 Purpose

CVE-2021-44228 has been determined to impact vCenter Server 7.0.x, vCenter 6.7.x & vCenter 6.5.x via the Apache Log4j open source component it ships.  This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA), please review this document before continuing:

 Impact / Risks
  • VCHA needs to be removed before executing the steps in this KB article.
  • Environments with external PSCs need to have the steps taken on both vCenter and PSC appliances.
 Resolution
The workarounds described in this document are meant to be a temporary solution only.

Upgrades documented in the aforementioned advisory should be applied to remediate CVE-2021-44228 when available.

 Workaround

To apply the workaround for CVE-2021-44228 to vCenter Server 7.x, vCenter 6.7.x & vCenter 6.5.x there are workaround sections to update on the vCenter Appliance.

Note: For vCenter Cloud Gateway, only the steps for the vMon Service and Analytics Service are necessary.

Click here for vCenter Server Appliance 7.0.x workaround

Click here for vCenter Server Appliance 6.7.x workaround

Click here for vCenter Server Appliance 6.5.x workaround

Click here for vCenter Server Appliance 6.0.x workaround

vCenter Server Appliance 7.0.x Workaround
vMON Service

  1. Back up the existing java-wrapper-vmon file
cp -rfp /usr/lib/vmware-vmon/java-wrapper-vmon /usr/lib/vmware-vmon/java-wrapper-vmon.bak
  2. Update the java-wrapper-vmon file with a text editor such as vi
vi /usr/lib/vmware-vmon/java-wrapper-vmon
  3. At the very bottom of the file, replace the very last line with 2 new lines. Execute this step based on the vCenter version running in your environment.
NOTE: The below update applies ONLY to the vCenter versions listed below:
  • vCenter 7.0 Update 3, 3a
  • vCenter 7.0 Update 2, 2a, 2b, 2c, 2d
Original
exec $java_start_bin $jvm_dynargs $security_dynargs $original_args
Updated
log4j_arg="-Dlog4j2.formatMsgNoLookups=true"
exec $java_start_bin $jvm_dynargs $log4j_arg $security_dynargs $original_args
NOTE: The below update applies ONLY to the vCenter versions listed below:
  • vCenter 7.0 GA, 7.0.0a, 7.0.0b, 7.0.0c, 7.0.0d
  • vCenter 7.0 Update 1, U1a, U1c, U1d
Original
exec $java_start_bin $jvm_dynargs "$@"
Updated
log4j_arg="-Dlog4j2.formatMsgNoLookups=true"
exec $java_start_bin $jvm_dynargs $log4j_arg "$@"
  4. Ensure the file permissions are set correctly with the below commands:
chown root:cis /usr/lib/vmware-vmon/java-wrapper-vmon
chmod 754 /usr/lib/vmware-vmon/java-wrapper-vmon
  5. Restart vCenter Services
service-control --stop --all
service-control --start --all

Update Manager Service

  1. Back up the existing start.ini file
cp -rfp /usr/lib/vmware-updatemgr/bin/jetty/start.ini /usr/lib/vmware-updatemgr/bin/jetty/start.ini.bak
  2. Update the start.ini file
vi /usr/lib/vmware-updatemgr/bin/jetty/start.ini
  3. Add the following line to the end of the file
-Dlog4j2.formatMsgNoLookups=true
  4. Restart the Update Manager Service
service-control --restart vmware-updatemgr

Analytics Service

  1. Back up the log4j-core-2.8.2.jar file
cp -rfp /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar.bak
  2. Run the zip command to disable the class
zip -q -d /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
  3. Restart the Analytics service
service-control --restart vmware-analytics

DBCC Utility

  1. Back up the log4j-core-2.8.2.jar file
cp /usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar /usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar.bak
  2. Run the zip command to disable the class
zip -q -d /usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
Note: This command may fail with "zip error: Nothing to do!". If so, proceed to the verification section to ensure the step was not needed. No service needs to be restarted for DBCC.

Verify the changes

Once all sections are complete, use the following steps to confirm if they were implemented successfully.

  1. Verify if the vMon services were started with the new -Dlog4j2.formatMsgNoLookups=true parameter:

ps auxww | grep formatMsgNoLookups

Check if the processes include -Dlog4j2.formatMsgNoLookups=true

  2. Verify the Update Manager changes are shown under "System Properties" in the output of the following two commands:

cd /usr/lib/vmware-updatemgr/bin/jetty/
java -jar start.jar --list-config

System Properties:
------------------
log4j2.formatMsgNoLookups = true (/usr/lib/vmware-updatemgr/bin/jetty/start.ini)

  3. Verify the Analytics Service changes:

grep -i jndilookup /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar | wc -l

This should return 0 lines

  4. Verify the DBCC Utility changes:

grep -i jndilookup /usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar | wc -l

This should return 0 lines

vCenter Server Appliance 6.7.x Workaround

vMON Service

  1. Back up the existing java-wrapper-vmon file
cp -rfp /usr/lib/vmware-vmon/java-wrapper-vmon /usr/lib/vmware-vmon/java-wrapper-vmon.bak
  2. Update the java-wrapper-vmon file with a text editor such as vi
vi /usr/lib/vmware-vmon/java-wrapper-vmon
  3. At the very bottom of the file, replace the very last line with 2 new lines
    • Original
      exec $java_start_bin $jvm_dynargs "$@"

      Updated
      log4j_arg="-Dlog4j2.formatMsgNoLookups=true"
      exec $java_start_bin $jvm_dynargs $log4j_arg "$@"

  4. Restart vCenter Services
service-control --stop --all
service-control --start --all

Note: If the services do not start, ensure the file permissions are set correctly with these commands:

  • chown root:cis /usr/lib/vmware-vmon/java-wrapper-vmon
  • chmod 754 /usr/lib/vmware-vmon/java-wrapper-vmon

 

Analytics Service

NOTE:- The below workaround (Analytics service) is applicable for vCenter Server Appliance 6.7 Update 3o and Older versions only.  The JAR is already updated to 2.11 on the later versions.

  1. Back up the log4j-core-2.8.2.jar file
cp -rfp /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar.bak
  2. Run the zip command to disable the class
zip -q -d /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
  3. Restart the Analytics service
service-control --restart vmware-analytics

CM Service

  1. Back up the log4j-core.jar file
cp -rfp /usr/lib/vmware-cm/lib/log4j-core.jar /usr/lib/vmware-cm/lib/log4j-core.jar.bak
  2. Run the zip command to disable the class
zip -q -d /usr/lib/vmware-cm/lib/log4j-core.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
  3. Restart the CM service
service-control --restart vmware-cm

Secure Token Service

  1. Back up and edit the vmware-stsd file
cp /etc/rc.d/init.d/vmware-stsd /root/vmware-stsd.bak
vi /etc/rc.d/init.d/vmware-stsd
  2. Find the section labeled start_service(). Insert a new line near line 266, just before "$DAEMON_CLASS start" with "-Dlog4j2.formatMsgNoLookups=true \" as seen in the example:
start_service()
{
perform_pre_startup_actions
local retval
JAVA_MEM_ARGS=`/usr/sbin/cloudvm-ram-size -J vmware-stsd`
$JSVC_BIN -procname $SERVICE_NAME \
-home $JAVA_HOME \
-server \
<snip>
-Dauditlog.dir=/var/log/audit/sso-events  \
-Dlog4j2.formatMsgNoLookups=true \
$DAEMON_CLASS start
  3. Restart the vmware-stsd service
service-control --stop vmware-stsd
service-control --start vmware-stsd

Identity Management Service

  1. Back up and edit the vmware-sts-idmd file
cp /etc/rc.d/init.d/vmware-sts-idmd /root/vmware-sts-idmd.bak
vi /etc/rc.d/init.d/vmware-sts-idmd
  2. Insert a new line near line 177 before "$DEBUG_OPTS \" with "-Dlog4j2.formatMsgNoLookups=true \" as seen in the example:
$JSVC_BIN -procname $SERVICE_NAME \
-wait 120 \
-server \
<snip>
-Dlog4j.configurationFile=file://$PREFIX/share/config/log4j2.xml \
-Dlog4j2.formatMsgNoLookups=true \
$DEBUG_OPTS \
$DAEMON_CLASS
  3. Restart the vmware-sts-idmd service
service-control --stop vmware-sts-idmd
service-control --start vmware-sts-idmd

Verify the changes

Once all sections are complete, use the following steps to confirm if they were implemented successfully.

  1. Verify if the stsd, idmd, and vMon controlled services were started with the new -Dlog4j2.formatMsgNoLookups=true parameter:

ps auxww | grep formatMsgNoLookups

Check if the processes include -Dlog4j2.formatMsgNoLookups=true

  2. Verify the Analytics Service changes:

grep -i jndilookup /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar | wc -l

This should return 0 lines

  3. Verify the CM Service changes:

grep -i jndilookup /usr/lib/vmware-cm/lib/log4j-core.jar | wc -l

This should return 0 lines

vCenter Server Appliance 6.5.x Workaround 

vMON Service

  1. Back up the existing java-wrapper-vmon file
cp -rfp /usr/lib/vmware-vmon/java-wrapper-vmon /usr/lib/vmware-vmon/java-wrapper-vmon.bak
  2. Update the java-wrapper-vmon file with a text editor such as vi
vi /usr/lib/vmware-vmon/java-wrapper-vmon
  3. At the very bottom of the file, replace the very last line with 2 new lines
    • Original
      exec $java_start_bin $jvm_dynargs "$@"

      Updated
      log4j_arg="-Dlog4j2.formatMsgNoLookups=true"
      exec $java_start_bin $jvm_dynargs $log4j_arg "$@"

  4. Restart vCenter Services
service-control --stop --all
service-control --start --all

Note: If the services do not start, ensure the file permissions are set correctly with these commands:

  • chown root:cis /usr/lib/vmware-vmon/java-wrapper-vmon
  • chmod 754 /usr/lib/vmware-vmon/java-wrapper-vmon

CM Service

  1. Back up the log4j-core.jar file
cp -rfp /usr/lib/vmware-cm/lib/log4j-core.jar /usr/lib/vmware-cm/lib/log4j-core.jar.bak
  2. Run the zip command to disable the class
zip -q -d /usr/lib/vmware-cm/lib/log4j-core.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
  3. Restart the CM service
service-control --restart vmware-cm

Secure Token Service

  1. Back up and edit the vmware-stsd file
cp /etc/rc.d/init.d/vmware-stsd /root/vmware-stsd.bak
vi /etc/rc.d/init.d/vmware-stsd
  2. Find the section labeled start_service(). Insert a new line near line 266, just before "$DAEMON_CLASS start" with "-Dlog4j2.formatMsgNoLookups=true \" as seen in the example:
start_service()
{
perform_pre_startup_actions
local retval
$JSVC_BIN -procname $SERVICE_NAME \
-home $JAVA_HOME \
-server \
<snip>
-Dauditlog.dir=/var/log/audit/sso-events  \
-Dlog4j2.formatMsgNoLookups=true \
$DAEMON_CLASS start
  3. Restart the vmware-stsd service
service-control --stop vmware-stsd
service-control --start vmware-stsd

Identity Management Service

  1. Back up and edit the vmware-sts-idmd file
cp /etc/rc.d/init.d/vmware-sts-idmd /root/vmware-sts-idmd.bak
vi /etc/rc.d/init.d/vmware-sts-idmd
  2. Insert a new line near line 177, before "$DEBUG_OPTS \", with "-Dlog4j2.formatMsgNoLookups=true \" as seen in the example:
$JSVC_BIN -procname $SERVICE_NAME \
-wait 120 \
-server \
<snip>
-Dlog4j.configurationFile=file://$PREFIX/share/config/log4j2.xml \
-Dlog4j2.formatMsgNoLookups=true \
$DEBUG_OPTS \
$DAEMON_CLASS
  3. Restart the vmware-sts-idmd service
service-control --stop vmware-sts-idmd
service-control --start vmware-sts-idmd

PSC Client Service

  1. Back up and edit the vmware-psc-client file
cp -rfp /etc/rc.d/init.d/vmware-psc-client /root/vmware-psc-client.bak
vi /etc/rc.d/init.d/vmware-psc-client
  2. Insert a new line near line 300, just before "$DAEMON_CLASS start", with "-Dlog4j2.formatMsgNoLookups=true \" as seen in the example:

$JSVC_BIN -procname $SERVICE_NAME \
-home $JAVA_HOME \
-server \
<snip>
-Djava.io.tmpdir="$CATALINA_BASE/temp" \
-Dlog4j2.formatMsgNoLookups=true \
$DAEMON_CLASS start

  3. Restart the vmware-psc-client service
service-control --stop vmware-psc-client
service-control --start vmware-psc-client

Verify the changes

Once all sections are complete, use the following steps to confirm if they were implemented successfully.

  1. Verify that the stsd, idmd, psc-client, and vMon-controlled services were started with the new -Dlog4j2.formatMsgNoLookups=true parameter:

ps auxww | grep formatMsgNoLookups

Check that the processes include -Dlog4j2.formatMsgNoLookups=true

  2. Verify the CM Service changes:

grep -i jndilookup /usr/lib/vmware-cm/lib/log4j-core.jar | wc -l

This should return 0 lines
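Added example (not part of the VMware KB) that performs the two verification checks above more strictly and reproduces the CM-service jar edit: it reads the jar's zip directory instead of grepping raw bytes, rewrites the jar without the JndiLookup entry after taking a .bak copy (the equivalent of cp -p plus zip -q -d), and checks that a ps command line carries the flag as a whole argument. The jar, the command lines and the /opt/example paths are constructed samples, not the appliance's real files.

```python
import io
import os
import shlex
import shutil
import tempfile
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NO_LOOKUPS_FLAG = "-Dlog4j2.formatMsgNoLookups=true"


def jar_has_jndilookup(jar_path: str) -> bool:
    """True if the jar's central directory lists the JndiLookup class.

    Case-insensitive like the KB's `grep -i jndilookup`, but because it reads
    the zip directory, stray bytes elsewhere in the archive cannot produce a
    false match.
    """
    with zipfile.ZipFile(jar_path) as jar:
        return any(n.lower() == JNDI_CLASS.lower() for n in jar.namelist())


def remove_jndilookup(jar_path: str) -> bool:
    """Delete the JndiLookup entry after saving a .bak copy of the jar.

    Equivalent to `cp -rfp X X.bak && zip -q -d X <class>`. Returns True if
    the entry was removed, False if the jar did not contain it.
    """
    with zipfile.ZipFile(jar_path) as src:
        entries = src.infolist()
        if not any(e.filename == JNDI_CLASS for e in entries):
            return False
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as dst:
            for entry in entries:
                if entry.filename != JNDI_CLASS:
                    # Re-add with the original ZipInfo so the compression
                    # method and timestamps of every other entry are kept.
                    dst.writestr(entry, src.read(entry.filename))
    shutil.copy2(jar_path, jar_path + ".bak")  # keeps mode/mtime like cp -p
    with open(jar_path, "wb") as fh:            # overwrite in place, mode kept
        fh.write(buf.getvalue())
    return True


def process_has_no_lookups(cmdline: str) -> bool:
    """True if a java command line carries the formatMsgNoLookups flag.

    Mirrors `ps auxww | grep formatMsgNoLookups`, but the flag must be a whole
    argument, so `...=false` or a substring match does not count as mitigated.
    """
    return NO_LOOKUPS_FLAG in shlex.split(cmdline)


def build_sample_jar(directory: str) -> str:
    """Write a stand-in log4j-core.jar (constructed, not the real library)
    holding a JndiLookup entry, one other class and a manifest."""
    path = os.path.join(directory, "log4j-core.jar")
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe stub class bytes")
        jar.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe stub")
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return path


def demo() -> dict:
    """Run the checks against the constructed jar and sample command lines."""
    tmp = tempfile.mkdtemp()
    jar = build_sample_jar(tmp)
    result = {"before": jar_has_jndilookup(jar)}
    result["removed"] = remove_jndilookup(jar)
    result["after"] = jar_has_jndilookup(jar)
    result["backup_intact"] = jar_has_jndilookup(jar + ".bak")
    # Constructed stand-ins for two `ps auxww` lines (paths are placeholders).
    result["mitigated"] = process_has_no_lookups(
        "java -Xmx512m -Dlog4j2.formatMsgNoLookups=true -cp /opt/example/lib/* com.example.Main")
    result["unmitigated"] = process_has_no_lookups(
        "java -Xmx512m -Dlog4j2.formatMsgNoLookups=false -cp /opt/example/lib/* com.example.Main")
    shutil.rmtree(tmp)
    return result


if __name__ == "__main__":
    for check, value in demo().items():
        print(f"{check}: {value}")
```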

vCenter Server Appliance 6.0 U3j Workaround

vCenter Server Appliance 6.0 U3j is no longer in general support but has also been identified as vulnerable to CVE-2021-44228 due to the Performance Charts service. Mitigation steps have been identified as follows:

  1. Back up and edit /usr/lib/vmware-perfcharts/wrapper/conf/wrapper.conf on the appliance and add a new line just below "wrapper.java.additional.13=-Dlog4j.configurationFile=file:/etc/vmware-perfcharts/log4j2.xml" (line 72) with the following content:

wrapper.java.additional.14=-Dlog4j2.formatMsgNoLookups=true

  2. Save the file, stop the service and then start it through service-control:

service-control --stop vmware-perfcharts
service-control --start vmware-perfcharts

Note: vCenter Server Appliance versions 6.0 GA – 6.0 U3i are not vulnerable. However, versions 6.0 U3a/b/c/d/e/f were found to contain the following unused vulnerable jar files. No impact on the product has been observed after removing these jar files.

  • /opt/pivotal/pivotal-tc-server-standard/templates/gemfire-p2p/lib/log4j-core-2.1.jar
  • /opt/pivotal/pivotal-tc-server-standard/templates/gemfire-p2p/lib/log4j-api-2.1.jar
  • /opt/pivotal/pivotal-tc-server-standard/templates/gemfire-cs/lib/log4j-core-2.1.jar
  • /opt/pivotal/pivotal-tc-server-standard/templates/gemfire-cs/lib/log4j-api-2.1.jar
Related Information

To revert the workarounds, replace the modified files with the backups created in each step.

VCHA needs to be disabled before executing the steps in this KB.

Change log:
  • December 12th 2021 – 11:20 PST: Updated Knowledge Base article advising workarounds for 6.5/6.7 partially address the vulnerability.
  • December 12th 2021 – 16:00 PST: Added steps for stsd, idmd and psc-client services to the workaround sections for 6.5 and 6.7.
  • December 12th 2021 – 17:00 PST: Added workaround for VCSA 6.0U3j.
  • December 12th 2021 – 18:30 PST: Added additional information for older versions of VCSA 6.0.
  • December 12th 2021 – 20:30 PST: Updated versions with vulnerable jar files in VCSA 6.0.
  • December 13th 2021 – 1:57 PST: Update the steps in the vMON service commands for permission validation

Sophos Firewall OS v19 EAP 2 Now Available


For those testing out the v19 EAP, EAP2 was released just minutes ago 🙂

Many new additions, but the biggest is that IPsec traffic is now processed through the hardware FastPath on the XGS appliances, a huge performance step for IPsec 🙂

Read all about the EAP2 here:

Sophos Firewall OS v19 EAP 2 Now Available – Announcements – SFOS v19 Early Access Program – Sophos Community

Watch brief demo videos for many of the new features:

Windows 11+Intune and Always On VPN problems


UPDATE 2: See down below for the fix – as of now!

There have been many issues with disappearing VPN profiles in Windows 11 when they are deployed via MEM / Intune. Some state that when split tunneling is removed it should work, but in my tests it did not; it was just... weird.

There are many workarounds to this:

Windows 11 and Always On VPN problems soon to be solved! – Mr T-Bone´s Blog (tbone.se)

Deploy your Always On VPN Profile for Windows 11 using Proactive Remediations in Microsoft Intune – imab.dk

But hopes are up for the January 25, 2022 update KB5008353 (OS Build 22000.469), which is now in preview; its changelog states:

“Addresses an issue that might cause VPN profiles to disappear. This issue occurs when you use Microsoft Intune or a third-party mobile device management (MDM) tool to deploy VPN profiles on Windows 11 (original release)”

I have installed it on two clients, and so far, everything is good 🙂

No, it’s not working. What IS working is to create a custom profile with a ProfileXML and the OMA-URI: ./User/Vendor/MSFT/VPNv2/Always%20On%20VPN/ProfileXML

 

Sophos UTM Up2Date 9.709003 released


Sophos has released a minor maintenance release for UTM, fixing issues with the Email Security module:

 


Up2Date 9.709003 package description:

Remarks:
System will be rebooted
Configuration will be upgraded

News:
Maintenance Release

Bugfixes:
Fix [NUTM-12868]: [Email] It is not possible to permanently block an IP from the SMTP-Proxy if authentication is enabled
Fix [NUTM-13008]: [Email] Public DNS causing blocked connection with RBL

RPM packages contained:

Sophos Firewall OS v18.5 MR3 is Now Available


From Sophos: 🙂


The product team is pleased to announce the latest maintenance release update for SFOS with important customer and partner requested features, as well as important security, performance, and reliability fixes.

It is a critically important cybersecurity best practice to keep your firewall updated with the latest firmware.

SFOS v18.5 MR3 Highlight: DHCP Boot Option Configurations

This new feature addresses an important customer and partner request to enable additional DHCP boot options for clients on the network such as VoIP phones or other types of devices that have unique DHCP requirements.

Additional Updates:

  • Support for kernel dump reporting to improve troubleshooting and root-cause analysis in the event of an issue
  • Email protection anti-spam engine updated to Sophos Anti-Spam Interface
  • Several important security, performance and reliability enhancements including a fix for a recently disclosed OpenSSL DoS vulnerability

How to get it

As usual, this software update is free of charge for all licensed Sophos Firewall devices and should be applied to all supported firewall devices as soon as possible.

It will be rolled out to all connected devices over the coming days. A notification will appear on your local device or Sophos Central management console when the update is available allowing you to schedule the update at your convenience.  Otherwise, you can manually download the latest firmware from MySophos and update anytime.

Sophos Firewall OS v18.5 MR3 is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later, and all previous versions of v18.5.

Sophos UTM Up2Date 9.710-001 released


Sophos has today released this update to all UTMs:

Up2Date 9.710001 package description:

Remarks:
System will be rebooted
Configuration will be upgraded

News:
Maintenance Release

Bugfixes:
Fix [NUTM-12592]: [Basesystem] Use Only Secure Ciphers for UTM SSH Server
Fix [NUTM-12784]: [Basesystem] Patch BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, CVE-2021-25219)
Fix [NUTM-13101]: [Basesystem] Patch Strongswan Vulnerability (CVE-2021-41991)
Fix [NUTM-13119]: [Basesystem] Patch Binutils Vulnerability (CVE-2021-3487)
Fix [NUTM-13144]: [Basesystem] Remove SSLVPN client downloader from UTM
Fix [NUTM-13192]: [Basesystem] Use Secure Key Exchange Algorithms for SSH
Fix [NUTM-13203]: [Basesystem] snmpd high memory for snmpwalk v3
Fix [NUTM-12615]: [Configuration Management] Root password hash exposed via confd*.log (CVE-2022-0652)
Fix [NUTM-13013]: [Email] Upgrade Exim to v4.95
Fix [NUTM-13200]: [Email] OAEP RSA padding mode still uses SHA-1 in S/MIME
Fix [NUTM-13267]: [Email] Nest – SQLi in the Mail Manager (CVE-2022-0386)
Fix [NUTM-13071]: [Logging] IPFIX reporting transferred data on wrong direction
Fix [NUTM-12885]: [Network] IPS exceptions issue
Fix [NUTM-12987]: [RED] Issue with RED tunnel on BO after disconnecting PPPoE
Fix [NUTM-12936]: [Web] Add configuration for overriding warn page proceed link protocol (Standard Mode SSO)

RPM packages contained:

Sophos UTM Up2Date 9.711-5 released


Sophos has released a new update which, among other things, adds support for additional Wi-Fi chipsets (because of delivery problems with the current ones) and includes a lot of security updates:

 

Release notes:
Up2Date 9.711005 package description:

Remarks:
System will be rebooted
Configuration will be upgraded

News:
Maintenance Release

Bugfixes:
Fix [NUTM-13334]: [Basesystem] PowerShell / Putty – Default SSH client options result in failed connection
Fix [NUTM-13394]: [Basesystem] Openssl Vulnerability – CVE-2022-0778
Fix [NUTM-13421]: [Basesystem] Upgrade Apache to 2.4.53
Fix [NUTM-13326]: [UI Framework] Identify 32-bit or 64-bit build in WebAdmin footer
Fix [NUTM-13419]: [WAF] Upgrade Apache to 2.4.53 (WAF) – CVE-2022-22720
Fix [NUTM-13363]: [Wireless] Integrate updated APX firmware version 11.0.019
Fix [NUTM-13433]: [Wireless] AP/APX : Openssl Vulnerability – CVE-2022-0778
Fix [NUTM-13432]: [] SG : APX firmware changes to support HW without TPM

RPM packages contained:

PFSense: Sophos Appliance install


Hi all,

Time for a quick post 🙂

If you have an old Sophos SG appliance lying around, don’t throw it out, it runs the free pfSense Community Edition just fine 🙂

Sophos SG 210 Security Appliance | only Hardware | only Hardware

For VGA install:

Attach an HDMI monitor and a USB keyboard to the device.

Download installer here:

Download pfSense Community Edition

Use RUFUS to create a bootable USB stick and choose the downloaded PFSense Image.

Boot the appliance from the USB stick.

Choose the standard settings in the installer, and choose the disk to install PFSense to.

After the reboot, set up the initial settings (all pfSense related and not covered here).

Now to get the LCD working for the 1U rack mount SG devices 🙂

Install the LCDproc package from the pfSense package manager, and set it up like this:

 

To add a little extra “hello” and “goodbye” messages, for fun, edit the file:

/usr/local/etc/LCDd.conf

[server]
DriverPath=/usr/local/lib/lcdproc/
Driver=hd44780
Bind=127.0.0.1
Port=13666
ReportLevel=3
ReportToSyslog=yes
User=nobody
Foreground=no
ServerScreen=no
Hello=" IKT-PEOPLE APS"
Hello="+45 70 40 50 28"
GoodBye="Firewall"
GoodBye="shutting down..."
WaitTime=5
TitleSpeed=5
ToggleRotateKey=Enter
PrevScreenKey=Left
NextScreenKey=Right
ScrollUpKey=Up

Restart the service with "service LCDd onerestart"

Result:


Sophos Firewall OS v19 MR1 is Now Available


From the Sophos Community – they just soft-released it today; I have successfully used the update and it works great 🙂

 


 

Sophos Firewall OS v19 was released just a few months ago in April, and has already been adopted by a huge number of partners and customers who have upgraded to take advantage of the many Xstream SD-WAN and VPN enhancements.

This latest update, v19 MR1, brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever:

What’s New in SFOS v19 MR1:

VPN and SD-WAN Enhancements:

  • SSLVPN Remote Access – Static IP lease support to enable mapping of remote users with static IP addresses to improve user traceability, monitoring and visibility. This also includes static IP leases with an external Radius server.
  • IPsec VPN Enhancements – includes adding default IPsec site-to-site IKEv2 policies for improved head office to branch office tunnels, eliminating manual fine tuning for re-key interval, dead peer detection (DPD) action and key negotiation. Defaults were also updated to prevent flapping of UDP connections (VoIP, Skype, RDP, Zoom, etc.).  Also disabled “vpn conn-remove-tunnel-up” and enabled “vpn conn-remove-on-failover” for new configuration (but does not impact existing deployments)
  • SD-RED – Now support multiple DHCP servers for RED interfaces
  • SD-WAN Profiles – The Rule-ID and index column are added on the SD-WAN profile management page for easier troubleshooting

Other Enhancements:

  • Anti-Malware Engine – Anti-malware engines and associated components were upgraded to full 64-bit operation to provide optimal performance and future support. Note that the secondary malware scan engine, Avira, will no longer provide detection updates for the 32-bit version after December 31, 2022.  Anyone using Avira will need to upgrade to v19 MR1 or v18.5 MR5 (to be released soon) before the end of the year or switch to just using the Sophos engine.
  • Synchronized Security – Improved Sophos Central Firewall Management resilience in environments with thousands of endpoint certificates being used for Synchronized Security Heartbeat.
  • Email – Added an option to report a spam email as a False Positive from the quarantine release screen
  • Sophos Assistant – Added an option to opt-out of the Sophos Assistant
  • Additional Fixes – Over 50+ additional performance, stability and security fixes and enhancements are also included

Check out the v19 MR1 release notes for full details.

Important Licensing Change for Future Firmware Updates:

As covered in the recent community blog post, SFOS v19 MR1 introduces a support requirement for firmware upgrades which will come into effect for customers without a valid support subscription after they’ve used an initial free upgrade allocation.

To summarize:

  • No change for customers with a valid support subscription (about 80% of customers)
  • Future action will be required by the remaining 20% who do not have a support subscription, but also no immediate change

Full Details and FAQs

How to Get it:

The release of v19 MR1 follows our regular firmware release process so you can download it now from MySophos or wait until it appears in your console over the next few weeks.

Sophos Firewall OS v19 MR1 is a fully supported upgrade from v19 GA, all previous versions of v18.5 including the latest v18.5 MR4 and v18 MR3 and later. Please refer to the Upgrade information tab in the release notes for more details.

Sophos Firewall OS v19 MR1 re-release (Build 365) is Now Available


Because the first release of MR1 (Build 350 – do not install that build!) had bugs, Sophos has re-released it:


Release notes:

Sophos Firewall OS v19 was released just a few months ago in April, and has already been adopted by a huge number of partners and customers who have upgraded to take advantage of the many Xstream SD-WAN and VPN enhancements.

This latest update, v19 MR1 Build 365, brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever:

What’s New in SFOS v19 MR1 Build 365:

VPN and SD-WAN Enhancements:

  • SSLVPN Remote Access – Static IP lease support to enable mapping of remote users with static IP addresses to improve user traceability, monitoring and visibility. This also includes static IP leases with an external Radius server.
  • IPsec VPN Enhancements – includes adding default IPsec site-to-site IKEv2 policies for improved head office to branch office tunnels, eliminating manual fine tuning for re-key interval, dead peer detection (DPD) action and key negotiation. Defaults were also updated to prevent flapping of UDP connections (VoIP, Skype, RDP, Zoom, etc.).  Also disabled “vpn conn-remove-tunnel-up” and enabled “vpn conn-remove-on-failover” for new configuration (but does not impact existing deployments)
  • SD-RED – Now support multiple DHCP servers for RED interfaces
  • SD-WAN Profiles – The Rule-ID and index column are added on the SD-WAN profile management page for easier troubleshooting

Other Enhancements:

  • Anti-Malware Engine – Anti-malware engines and associated components were upgraded to full 64-bit operation to provide optimal performance and future support. Note that the secondary malware scan engine, Avira, will no longer provide detection updates for the 32-bit version after December 31, 2022.  Anyone using Avira will need to upgrade to v19 MR1 or v18.5 MR5 (to be released soon) before the end of the year or switch to just using the Sophos engine.
  • Synchronized Security – Improved Sophos Central Firewall Management resilience in environments with thousands of endpoint certificates being used for Synchronized Security Heartbeat.
  • Email – Added an option to report a spam email as a False Positive from the quarantine release screen
  • Sophos Assistant – Added an option to opt-out of the Sophos Assistant
  • Additional Fixes – Over 50+ additional performance, stability and security fixes and enhancements are also included

Issues fixed in the re-release of v19 MR1:

  • NC-100681 [IPS Engine] Increase in snort memory with ATP pattern updates
  • NC-94019/ NC-100737 [Wireless] Inbound traffic for hosts connected on Wi-Fi SSID on Separate zone is dropped by firewall rule ID 0, and outbound traffic may experience slowness
  • NC-100971 [IPsec] Migration fails from v19.0 GA to v19.0 MR1 Build 350
  • NC-81131 [Reporting] Last access time is not generated when there is user present with username that has xss payload
  • NC-100679 [CDB-CFR, Reporting] “INSERT INTO available_login_eventv6%” error in postgres.log causing conf partition to rise

Check out the v19 MR1 Build 365 release notes for full details.

Important Licensing Change for Future Firmware Updates:

As covered in the recent community blog post, SFOS v19 MR1 introduces a support requirement for firmware upgrades which will come into effect for customers without a valid support subscription after they’ve used an initial free upgrade allocation.

To summarize:

  • No change for customers with a valid support subscription (about 80% of customers)
  • Future action will be required by the remaining 20% who do not have a support subscription, but also no immediate change

Full Details and FAQs

How to Get it:

The release of v19 MR1 Build 365 follows our regular firmware release process so you can download it now from MySophos or wait until it appears in your console over the next few weeks.

Sophos Firewall OS v19 MR1 Build 365 is a fully supported upgrade from v19 GA and v19 MR1 Build 350, all previous versions of v18.5 including the latest v18.5 MR4 and v18 MR3 and later. Please refer to the Upgrade information tab in the release notes for more details.

Sophos UTM Up2date 9.712 released


Sophos has released a minor update for UTM:

 

Release notes:


We’ve just released SG UTM version 9.712. As usual, the release will be rolled out in phases:

News

  • Maintenance release
  • Security release

Remarks

  • System will be rebooted
  • Configuration will be upgraded

Issues resolved

  • NUTM-13504 [WAF] Enforce usage of valid Let’s Encrypt root CA
  • NUTM-13496 [Basesystem] Openssl vulnerability. The UTM software is not vulnerable to this CVE. – CVE-2022-1292
  • NUTM-13376 [Basesystem] DHCP Relay not working after upgrade to 9.704
  • NUTM-13227 [Basesystem] uriparser vulnerabilities- Multiple CVEs
  • NUTM-13215 [AWS] AWS Pay-As-You-Go license expires on C5/M5 instances
  • NUTM-12872 [Basesystem] LibXML vulnerability – CVE-2021-3541

 

Link to Full Release Notes: Sophos Release Notes

How to reset Apple TV Remote


Been using my Apple TV Remote to control my soundbar via IR for years, and one day it suddenly stopped working.

I could control the Apple TV with no problem with the same remote, but the IR part of the remote stopped working. I even used the IR TEST to test, but there was no light coming from the remote, as we can see here, where it is working with another remote:

IR light

I used the support article from Apple to reset the remote:

If your Apple TV remote isn’t working – Apple Support

  1. Press and hold the TV/Control Center button and the Volume Down button at the same time. Hold the buttons down for about 5 seconds, or until the status light on Apple TV turns off then turns on again.
  2. Release the buttons, then wait 5–10 seconds. A Connection Lost notification will appear on your TV screen.
  3. After your remote restarts, a Connected notification will appear on your TV screen.

After this, it all worked again 🙂

Reported Zero-day Vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019


Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.

At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.  In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities.

Read more here and how to mitigate:

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server – Microsoft Security Response Center

Microsoft Exchange Online Customers do not need to take any action.
