VMWARE released vSphere 6.7, getting a lot of new functions and improvements, this also gives us a new vCenter Server Appliance.
In many smaller setups, we run what is called and embedded appliance, where all vSphere vCenter Server funtionalites coexist on one single VM, this is VMWARE’s guide how to upgrade and embedded appliance 
VMWARE’s blog post, about 6.7:
https://blogs.vmware.com/vsphere/2018/04/introducing-vmware-vsphere-6-7.html
For thoose who had not had the time to get to know Azure Storage Explorer (ASE) yet, this may help people get on their way.
When you create Storage Accounts in Azure and thereafter want to have in ex. a BLOB (Binary Large OBjects) and have created a container for this, you are ready to go
You can download Storage Explorer here: https://azure.microsoft.com/en-us/features/storage-explorer/
Install it, it’s just plain “next next next” and when you see this, it’s installed:
Go ahead and launch it:
For this demo we will use a connection string, but there are several other methods to connect to it, so let’s head over to the Azure Portal:
So we head over to our Storage Account –> Settings –> Access keys, here we copy-paste the Connection String from “key1” (Sorry for masking so much 
)
press Next:
Press “Connect”:
And now we’re in!
From here, you can see all allocated storage, on that Storage Account you created, you can upload files and folders, manage access policies, set public access level and much much more.
It’s a must-have tool, when you work with storage accounts in Azure
Sophos has pushed a new update for SUM as GA today, it’s a minor fix, correcting theese problems:
Up2Date 4.308002 package description:
Remark:
System will be rebooted
News:
Maintenance Release
Bugfixes:
Fix [NSU-192]: [accd] Missing validation for URL Filtering Categories on empty Sub-Categories
Fix [NSU-270]: [gateway manager] Import of file extensions for a filter action fails on SUM
RPM packages contained:
ep-commandcenter-4.28-1977.gd22b763.i686.rpm
ep-webadmin-4.28-1977.gd22b763.i686.rpm
u2d-tib-9-15578.i686.rpm
ep-release-4.308-2.noarch.rpm
Maybe you have heard of the great monitoring tool, called PHP Server Monitor, it’s a great FREE tool to monitor your services from the outside, requirements are simple:
And it can be downloaded here: https://github.com/phpservermon/phpservermon/releases/latest
Well where does the free Azure part come in?
Azure uses serviceplans, and one of the is free:
App Service Plans | Microsoft Azure
This free plan, can be used with a WebApp, so let get thing done in Azure:
Login to the Azure Portal and choose to create a new WebApp:
The App name you chosse, will be the URL for your free website, so choose wisely, it will tell you, if the name you try to pick, is occupied:
Then click “App service plan/location” and choose “Create New”
Fill in the name and click “Pricing Tier”
Choose the free plan “F1” and click Apply.
Click “OK”
Click “Create” and wait for Azure to deploy the new site.
(Remember only Windows can run on the free plan, not Linux, but PHP is still supported!)
Check if things are working:
Open browser and ty pe the URL you just made:
Then go and add free SSL to your site with redirect and TLS 1.2:
No need to press save or OK, its done automatically.
Now we need to setup FTP access:
Fill in the fields and press save, head to the “overview” pane, left side:
Here you have the infos.
Connect to to the FTP site with your favorite FTP client and upload to the wwwroot (/site/wwwroot) directory, the files you downloaded from PHP Server Monitor (extracted).
Next, as PHP Server Monitor use MySQL, we will enable the In the portal:
Press “ON” and “MySQL general log ON” and SAVE and you have MySQL features
Now comes the tricky part, Azure do no provide direct access for MySQL, and furthermore, they use a non standard MYSQL port, so we need to fetch theese informations from Azure, this can be done by modifying the config.php of PSM to the following:
<?php
$servername = "";
$username = "";
$password = "";
$dbname = "";
// Parsing connnection string
foreach ($_SERVER as $key => $value) {
if (strpos($key, "MYSQLCONNSTR_") !== 0) {
continue;
}
$servername = preg_replace("/^.*Data Source=(.+?);.*$/", "\\1", $value);
$dbname = preg_replace("/^.*Database=(.+?);.*$/", "\\1", $value);
$username = preg_replace("/^.*User Id=(.+?);.*$/", "\\1", $value);
$password = preg_replace("/^.*Password=(.+?)$/", "\\1", $value);
}
define('PSM_DB_PREFIX', 'monitor_');
define('PSM_DB_USER', $username);
define('PSM_DB_PASS', $password);
define('PSM_DB_NAME', $dbname);
define('PSM_DB_HOST', $servername);
define('PSM_DB_PORT', '');
define('PSM_BASE_URL', '');
define('PSM_DEBUG', false);
// IP addresses that may run the CRON
$PSM_CRON_ALLOW = array("xxx.xxx.xxx.xxx","yyy.yyy.yyy.yyy");The custom MySQL port number, will be delivered in the $servername in the format “hostname:port” so when port changes your system will auto-adapt, therefore is PSM_DB_PORT blank thus needed to be stated for PSM, else it will not work
Go ahead and test it out, visit:
https://yourname.azurewebsites.net/install.php
You should see this:
Press “Let’s go”
After you have typed the credentials you want to use with PSM, you should see this.
Continue the setup, login to the portal and you get this page:
So now PSM is working……..not quite!
We need to setup a cron job! Else nothing will run and check your monitored systems!
There is Azure Webjobs, who actually can do this, you can also set it up, it works, but efter some hours, it’s stopping, claiming that your website have to have “Always-on” enabled for Webjobs to run, hey, let’s go and enable Always-On:
Dammit, that’s not supported in the Free Service Plan, why aren’t whole Azure free
So what to do now, we need something to visit this URL every 5 minutes:
https://yourname.azurewebsites.net/cron/status.cron.php
I have searched the net, you can run it locally, but when your net goes down, nothin would activate the poller, so i found this one, which is ALSO free
Go create an account and set it up:
But as we not want everyone to activate our cron, remember the settings in config.php?
// IP addresses that may run the CRON
$PSM_CRON_ALLOW = array(“xxx.xxx.xxx.xxx”,”yyy.yyy.yyy.yyy”);
Go to https://cron-job.org/en/faq/
Here we find this:
So add this IP to your CRON statement in config.php.
Remember, PSM will throw this error message at you, if the IP received is wrong :
But this is to get rid of bots, “hackers” a.s.o.
Check the logs at cron-job for it:
All is good
Now go into PSM and setup the servers / services you want to monitor and choose your notification services (email, sms and pushover)
test it out, if it works now, you are all done and have a nice and free monitor solution….running in AZURE
Veeam has released Update3a for Backup and Replication 9.5, see more here:
Release Notes for Veeam Backup Replication 9.5 Update 3a
Please confirm that you are running version 9.5.0.580, 9.5.0.711, 9.5.0.802, 9.5.0.823, 9.5.0.1038, 9.5.0.1335 or 9.5.0.1536 prior to installing this update. You can check this under Help | About in Veeam Backup & Replication console. After upgrading, your build number will be 9.5.0.1922.
To upgrade from 9.0 or earlier version, download version 9.5 ISO image, and consult the User Guide’s upgrade section.
As the result of an on-going R&D effort, and in response to customer feedback, Veeam Backup & Replication 9.5 Update 3a features a large number of enhancements, the most significant of which are listed below.
Platform support
VMware vSphere
Microsoft Azure
Linux File Level Recovery
Primary Storage Integrations
Tape
Veeam Cloud & Service Provider partners
Veeam Backup & Replication 9.5 Update 3a also includes enhancements and bug fixes for service providers offering Veeam Cloud Connect services, and managing backup servers with Veeam Availability Console. For the full change log, please see this topic on the private Veeam Cloud & Service Provider (VCSP) forum. Not a member of the VCSP forum? Click here to join.
Update 3a also resolves the following common support issues:
UPDATE: 20/7-2018: So far 9.510-4 breaks mailmanager and TLS when you use “Callout”, so you should wait for a fix 
Sophos released a bigger maintenance update for the UTM yesterday, it’s a soft-release, so it has not been rolled out yet, you can download it from FTP:
ftp://ftp.astaro.com/UTM/v9/up2date/u2d-sys-9.509003-510004.tgz.gpg
Up2Date 9.510004 package description:
Remarks:
System will be rebooted
Configuration will be upgraded
Connected APs will perform firmware upgrade
Connected REDs will perform firmware upgrade
News:
Maintenance Release
Bugfixes:
Fix [NUTM-8273]: [Basesystem] Inconsistent reporting data in hot standby environment
Fix [NUTM-9089]: [Basesystem] ulogd restarting randomly
Fix [NUTM-9423]: [Basesystem] Missing DMI info or missing WiFi card should turn status LED red for desktop refresh models
Fix [NUTM-9516]: [Basesystem] CVE-2017-3145: BIND vulnerability
Fix [NUTM-9764]: [Basesystem] multiple NTP vulnerabilities
Fix [NUTM-9862]: [Basesystem] CVE-2018-8897: Don’t use IST entry for #BP stack
Fix [NUTM-9944]: [Basesystem] ‘ethtool -p’ is not working for shared port
Fix [NUTM-9945]: [Basesystem] SG/XG 125/135 upper 4 ports LEDs at front and rear side not behaving as expected
Fix [NUTM-9286]: [Email] CVE-2011-3389: SSL/TLS BEAST Vulnerability And Weak Algorithms
Fix [NUTM-9460]: [Email] Quarantine unscannable and encrypted content not working as expected
Fix [NUTM-9539]: [Email] SMTP callout with TLS does not work
Fix [NUTM-9627]: [Email] Parent proxy for WAF (ctipd) not applied without active e-mail subscription
Fix [NUTM-9771]: [Email] Redesign TFT detection to decrease false positives/negatives
Fix [NUTM-9836]: [Email] HSTS usage breaks Quarantine Report release link
Fix [NUTM-9789]: [Logging] Not able to archive logs using SMB share
Fix [NUTM-8969]: [Network] Inconsistent DHCP leases in WebAdmin
Fix [NUTM-9049]: [Network] Cannot change IPv4 interface as IPv6 gateway is required
Fix [NUTM-9194]: [Network] Static route switching to different VLAN
Fix [NUTM-9646]: [Network] eth0 is falsely marked “dead” when running “hs” on slave
Fix [NUTM-9739]: [Network] Network monitor restarting on slave nodes
Fix [NUTM-9795]: [RED] RED50 issue with large packets in Transparent/Split mode
Fix [NUTM-9607]: [Reporting] Upper case umlauts in PDF Executive Reports are not displayed correctly
Fix [NUTM-9624]: [Reporting] WAF – Top attackers won’t be displayed after upgrade to v9.5
Fix [NUTM-9719]: [SUM] Web Protection service shown as down in SUM
Fix [NUTM-9547]: [UI Framework] UserPortal does not correctly detect browser specified preferred language for Chinese Simplified
Fix [NUTM-9527]: [WAF] Fix mod_url_hardening stack corruption
Fix [NUTM-8038]: [WebAdmin] WebAdmin not available
Fix [NUTM-9232]: [WebAdmin] Sometimes ‘backend connection failed’ while login
Fix [NUTM-9529]: [WebAdmin] Role with ‘Web Protection Manager’ rights can’t access Aplication Control
Fix [NUTM-9689]: [WebAdmin] Report Auditor role is unable to open the dashboard
Fix [NUTM-5293]: [Web] Google is missed in the Search Engines reports
Fix [NUTM-6240]: [Web] FTP download through HTTP Proxy in standard mode not possible
Fix [NUTM-9039]: [Web] Connections may fail when using upstream proxies due to “Proxy-Connection” header being sent
Fix [NUTM-9399]: [Web] Classification for Windows Updates differs between AFC and conntrack
Fix [NUTM-9413]: [Web] Unable to upload certificate to “Local Verification CAs”
Fix [NUTM-9491]: [Web] HTTP Proxy coredumps with SIGABRT
Fix [NUTM-9549]: [Web] Proceeding after content warning results in display issues on redirected pages
Fix [NUTM-9599]: [Web] HTTP Proxy requests stuck without appropriate timeout
Fix [NUTM-9630]: [Web] Fallback log flooded with samlogon cache timeout messages
Fix [NUTM-9664]: [Web] Country blocking exception not working when HTTP Proxy is using SSO
Fix [NUTM-9720]: [Web] Can’t proceed content warning for MIME types if URL contains spaces
Fix [NUTM-9745]: [Web] HTTP Proxy coredumps with SIGSEGV
Fix [NUTM-7628]: [Wireless] Wireless clients frequently failing to connect with STA WPA failure reason code 2
Fix [NUTM-8946]: [Wireless] APs displayed as inactive in WebAdmin while clients can connect
Fix [NUTM-9591]: [Wireless] Both local WiFi using 2.4GHz band and same channel in default configuration
Fix [NUTM-9592]: [Wireless] Unable to broadcast same SSID on both LocalWifi0 and LocalWifi1
Fix [NUTM-9594]: [Wireless] Incorrect channel information showing on overview for LocalWifi
Fix [NUTM-9608]: [Wireless] Incorrect generic error message in WebAdmin while configuring band for wireless network
Fix [NUTM-9638]: [Wireless] Both local WiFi AP named ‘Local’
Fix [NUTM-9731]: [Wireless] Not able to configure channel 12 and 13 on newer desktop models
Fix [NUTM-9735]: [Wireless] Set default channel width to 40MHz for 5GHz band
Fix [NUTM-9737]: [Wireless] SGw appliances missing frequency definitions for Nigeria
RPM packages contained:
libsaviglue-9.50-31.g5e3c21d.rb5.i686.rpm
cm-nextgen-agent-9.50-16.gc08104a.rb5.i686.rpm
firmwares-bamboo-9400-0.293035296.g3733ac8.rb2.i586.rpm
hostapd-2.2-1.0.287145451.ga02be97.rb6.i686.rpm
modurlhardening-9.50-222.g4fa60fe.rb6.i686.rpm
perf-tools-3.12.74-0.292688430.ga5ef2ae.rb5.i686.rpm
red-firmware2-5125-0.282730588.g354eda3d8.rb7.noarch.rpm
red15-firmware-5125-0.282730547.g89c84b337.rb10.noarch.rpm
samba-4.6.8-4.gae6a03c.rb2.i686.rpm
ulogd-2.1.0-133.g0d89a85.rb5.i686.rpm
ep-reporting-9.50-54.g9e81107.rb4.i686.rpm
ep-reporting-c-9.50-151.g7de2457.rb3.i686.rpm
ep-reporting-resources-9.50-54.g9e81107.rb4.i686.rpm
ep-awed-9.50-58.g7de6526.rb5.i686.rpm
ep-branding-ASG-afg-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-ang-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-asg-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-atg-9.50-78.gabee2c3.noarch.rpm
ep-branding-ASG-aug-9.50-78.gabee2c3.noarch.rpm
ep-confd-9.50-1822.g447351b3.i686.rpm
ep-ha-daemon-9.50-5.g7d07dcc.rb5.i686.rpm
ep-init-9.50-38.g352a07a.rb8.noarch.rpm
ep-libs-9.50-33.g690bd32.rb9.i686.rpm
ep-logging-9.50-18.g10653ef.rb3.i686.rpm
ep-mdw-9.50-1060.gc9c553bb.rb9.i686.rpm
ep-postgresql92-9.50-109.g359d1c5.rb8.i686.rpm
ep-postgresql92-64-9.50-109.g359d1c5.rb7.x86_64.rpm
ep-screenmgr-9.50-3.g07035cc.rb46.i686.rpm
ep-utm-watchdog-9.50-88.ge2d9ca8.rb2.i686.rpm
ep-webadmin-9.50-1412.g7a6726620.rb10.i686.rpm
ep-webadmin-contentmanager-9.50-84.g749571d.rb20.i686.rpm
ep-chroot-httpd-9.50-37.g1cad00c.rb4.noarch.rpm
ep-chroot-smtp-9.50-149.g1ad0a54.rb2.i686.rpm
chroot-bind-9.10.7-0.292458892.g9711d3a.rb2.i686.rpm
chroot-ntp-4.2.8p11-0.gc174a78.rb3.i686.rpm
ep-httpproxy-9.50-547.g1f8aab75.rb3.i686.rpm
kernel-smp-3.12.74-0.292688430.ga5ef2ae.rb5.i686.rpm
kernel-smp64-3.12.74-0.292688430.ga5ef2ae.rb5.x86_64.rpm
ep-release-9.510-4.noarch.rpm
As there have been som bugs in 9.510-4, Sophos released a minor bugfix update for theese:
Up2Date 9.510005 package description:
Remark:
System will be rebooted
News:
Hotfix Release
RPM packages contained:
ep-webadmin-9.50-1416.gb92b94217.i686.rpm
chroot-smtp-9.50-24.gb41bc0f8.rb3.i686.rpm
ep-release-9.510-5.noarch.rpm
It fixes this:
But as 9.510-4 is removed, please, if you have 9.509, go directly to 9.510-5:
http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.509003-510005.tgz.gpg
For thoose who already are on 9.510-4:
http://ftp.astaro.de/UTM/v9/up2date/u2d-sys-9.510004-510005.tgz.gpg
Complete release notes:
Today we’ve released UTM 9.510. The release will be rolled out in phases. In phase 1 you can download the update package from our FTP server, in phase 2 we will spread it via our Up2Date servers.
Update: We replaced the update from 9.509 to 9.510 on our FTP server to address two issues. We also uploaded the update for all who have installed the previous one.
Due to the latest updates from Microsoft, Azure AD Connect Health for Sync, somhow got “broken” giving headaches for the admins with this:
Microsoft.Online.Reporting.MonitoringAgent.Startup high cpu.
Luckily the fix is simple – go install the LATEST AAD Connect tool, and you are good to go 
https://www.microsoft.com/en-us/download/details.aspx?id=47594
Sophos Partner Portal just released the news about UTM 9.6 coming soon, sadly IKEv2 has been deferred from the 9.6, and maybe it will never arrive, because of the focus is mainly on XG Firewall now, but there are more great news in UTM 9.6:
Taken from: Sophos Partner Portal:
The team has been hard at work on the latest release for SG UTM. UTM 9.6 brings a number of your top requested features and a refreshed product roadmap for version 9.7, 9.8, and 9.9.
Here’s the full list of what’s new in UTM 9.6:
We expect to make the UTM 9.6 release available soon, so watch this space for further announcements. As with all major releases, it will be rolled out to customer systems through our Up2Date service in a staged release process over time.
Roadmap for UTM 9.7, 9.8, and 9.9
For those of you following our roadmap plans closely, you’ll notice that planning our UTM releases out to at least 9.9 is a major new commitment to you, our valued SG UTM partners, as well as to your customers. We want you to know that we are as committed to the SG UTM platform as you are. You may also notice that IKEv2 support did not make the cut for UTM 9.6. After our experience integrating this technology into our XG Firewall platform, we felt that it would unnecessarily delay the release of UTM 9.6, so we’ve deferred it for now and will evaluate it for inclusion in an upcoming release.
As always, your feedback on our roadmap is encouraged and appreciated, so please get in touch with us with your feedback and roadmap priorities via ideas.sophos.com.
Other current top considerations for future releases, based on your input, include email and data protection enhancements for GDPR, an enhanced RestAPI to retrieve status information, machine learning in the on-box antivirus engine and automated IP blacklisting for possible brute force attacks
When you are performing an upgrade from vCenter Server Appliance 6.5 to 6.7, you may see this, after you have filled out, all the details about the source server:
As you double check, you found out, that all infos you have typed, are correct! – But then, what could be wrong?!
Let’s check the suggested installer log:
2018-09-24T06:51:36.940Z – info: Stream :: close
2018-09-24T06:51:36.940Z – info: Password not expired
2018-09-24T06:51:36.943Z – error: sourcePrecheck: error in getting source Info: ServerFaultCode: Failed to authenticate with the guest operating system using the supplied credentials.
2018-09-24T06:51:36.944Z – info: VCHA is not enabled on the source host
2018-09-24T06:51:47.920Z – info: Log file was saved at: E:\installer-20180924-084442575.log
Okay so the password is not expired and it’s either wrong, so what else?
Let’s look at the appliance management page:
https://vcenter.domain.local:5480 –> Administration
Oooups! – And as it have already expired, we cannot change it from the web, so let’s head over for SSH:
Let’s try migrating again:
And we are ready to continue
Community forum:
Download beta:
http://ftp.astaro.com/UTM/v9/beta/u2d-sys-9.510005-570020.tgz.gpg
Sophos has released BETA2 for UTM 9.6:
Today we’ve released UTM 9.6 Beta2 (9.580). You can download the update package from our FTP server (see download information below). Users already running Beta1 (9.570) will be offered the update via our Up2Date servers. ISO images for fresh installs will be available shortly.
Fireware upgrade from BETA1:
http://ftp.astaro.de/UTM/v9/beta/u2d-sys-9.570020-580007.tgz.gpg
UTM 9.6 Beta Community:
If you want to try out XG 17.5 in beta(2), head for this:
Release notes:
Here’s a quick overview of the key new features in v17.5. For a more detailed description please refer to Sophos-XG-firewall-v17.5-whats-new.pdf
extends our Security Heartbeat automated threat isolation to prevent any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.
utilizes Security Heartbeat
to greatly streamline authentication for user-based policy enforcement and reporting in any Active Domain network by eliminating the need for any kind of server or client agent.
such as per-user policy-based control over SafeSearch and YouTube restrictions, teacher enabled block-page overrides, and Chromebook authentication support
adds Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim which closes a couple of top requested feature differences with SG Firewall.
is enhanced with greatly expanded categories enabling you to better optimize your performance and protection.
including enhanced firewall rule grouping with automatic group assignment, a custom column selection for the log viewer; And revamped online help with learning content approach
including new IPSec failover and failback controls and SD-WAN link failback options.
gets a major update with a variety of new enhancements such as per-machine deployment, a logout option, support for wake from sleep, and MAC address sharing.
is our new IPSec VPN Client that’s free for all XG Firewall customers that makes remote VPN easy for users and supports Synchronized Security.
In addition, coming in a following Maintenance Release we have:
provides support for the new Wave 2 access points providing faster connectivity and added scalability.
for deployments where XG Firewall can’t get updates automatically via an internet connection (due to an “airgap” or physical isolation) – XG Firewall can now be updated via USB.
With v17.5, XG Firewall is also joining Sophos Central. The Early Access Program for Sophos Central Management of XG Firewall is expected to start soon.
You will be able to manage XG Firewall from within Sophos Central along with all your other Sophos Central products. And there’s a few great new features coming along with Sophos Central Management of XG Firewall:
Please post it in this forum with a detailed description and – if possible – with some details how our team can reproduce the behaviour. To increase readability we would like to ask you to use one post per issue.
Our engineering teams check the forum on a regular base.
Sophos has released 9.6
No IKEv2 support this time, but a lot of other new and great features, especially Let’s encrypt integration
It’s being rolled out in phases as usual, so to get it right away, use the download links at the bottom.
Release notes from “https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-600-released“:
Let’s Encrypt integration
Web Application Firewall (WAF) page customization
Manual Sandstorm submission
Persistent Sandstorm reports
The full release notes can be found on the Sophos Community.
After updating to UTM 9.6, the old content warn HTML template in HTTP Proxy will no longer function correctly. Please download the updated templates, customize them to your needs and re-upload to the UTM. For further details, please see KBA133167.
While the release is in soft-release phase, you can find the up2date package on our FTP server at:
When receiving mails in theese phishing/ceo fraud times, it can be great to use this little neat free feature og your Exchange server:
New-TransportRule -Name ‘Add EXT to all external mails incoming’ -Comments ‘Added 29/11-2018 by Martin F.’ -Priority ‘0’ -Enabled $true -FromScope ‘NotInOrganization’ -PrependSubject ‘[EXT] ‘ -ExceptIfSubjectContainsWords ‘[EXT]’
This will add the word “[EXT]” to EVERY email you get from outside the organisation, so it may be an eye opener for thoose mails coming from your boss, telling you to transfers a lot of money asap
Tested on: Exchange 2010 –> 2016 OK!
Hooray, XG 17.5 has been GA released, this is a promising update, with lateral Movement Protection, a REALLY nice feature, that no other provider can do!
Also the new Sophos VPN client: Sophos Connect is here with this new version, finally you can run IPSEC VPN and SSLVPN in the SAME client
Running with this in the home lab, and it works totally as expected!
Release notes:
Here’s a quick overview of the key new features in v17.5. For a more detailed description please refer to: Sophos-XG-firewall-v17.5-whats-new.pdf
Coming in a following Maintenance Release we have:
You will be able to manage XG Firewall from within Sophos Central along with all your other Sophos Central products. And there’s a few great new features coming along with Sophos Central Management of XG Firewall:
To manually install the upgrade, you can find the firmware for your appliance at MySophos portal. Please see the following KBA – Sophos Firewall: How to upgrade the firmware: KBA 123285.
DANISH CONTENT THIS TIME
Fra 1/1-2019 gælder der nye regler ift. email kryptering i Danmark, disse er udstedt af datatilsynet. Det kan være svært at holde hoved og hale i alle de teknikker der er.
Der nævnes bla. TLS i deres skriv, TLS er ikke 100% sikker mail kryptering, men Datatilsynet oplyser at det, under normale omstændigheder, vil være passende, såfremt man anvender “Forced TLS”, “AES kryptering” og så skal TLS versionen være MIN. 1.2 eller højere…
Husk de fleste mailfiltre anvender “opportunistic TLS”, med mindre de er konfigureret anderledes! – Opportunistic TLS betyder at den PRØVER TLS, men kan den ikke lave end to end med TLS, sender den mailen i REN TEKST! – Så sørg for at få dette clearet med din udbyder / leverandør af mail/spamfilterløsningen.
Der er naturligvis mange andre måder at sikre mails på, disse er også nemt i artiklen herunder:
Running build 1809 of Windows Server 2019, the server still have activation issues, IF you did not specify the product key, during installation.
If you use the GUI, it will fail, no matter what, stating that it cannot reach the company licensing activation server (KMS), but hey, I did not ever specify a KMS key, I have a MAK
The solution is to use the old SLMGR.VBS script, this works..luckily
Just open a command prompt and type:
“cscript c:\windows\system32\slmgr.vbs /ipk <product-key>”
Running Exchange 2019 on Windows Server 2019 Core, is the “new” preferred way to run Excahnge, because of the better performance with core, fewer updates and the smaller attack surface!
So let’s get a Windows Server 2019 Core up and running, choose to installed it without Desktop Experience!
After installation, you will be asked to change password, then after that, you will get the command prompt, go and launch SCONFIG:
Setup the following:
After reboot, we need to do a few things before running the install:
1. Enable File Sharing
To get the Exchange ISO transferred to the core server
“netsh advfirewall firewall set rule group=”File and Printer Sharing” new enable=Yes”
Then access the Exchange server share from remote server with the Exchange ISO:
Start –> Run –> \\EXCH01\c$
2. Mounting the Exchange Server 2019 ISO
Now to mount the Exchange Server 2019 ISO, run the following commands:
Start powershell with “powershell” at the prompt, wait for [PS C:\Users…] prompt, then:
Mount-DiskImage -ImagePath “C:\!INSTALL\EXCH2019.iso”
3. Installing UCMA runtime 4.0
To install UCMA runtime 4.0 as required by the setup of Exchange you can navigate to the UCMARedist folder in the ISO and run the setup.exe file, then run the graphical installer.
4. Installing Visual C++ 2013 Redistributable Package
This package is not on the ISO, so go and download it and run afterwards (Download from remote server and copy to core server as the ISO, is easiest”
https://www.microsoft.com/download/details.aspx?id=40784
5. Install the Server media Foundation Feature
Run this:
“Install-WindowsFeature Server-Media-Foundation”
6. Install Exchange Server 2019
Now go to the drive of the mounted ISO it could be D: or E:, then run the following to run in unattended mode
Setup.EXE /Mode:Install /InstallWindowsComponents /IAcceptExchangeServerLicenseTerms /Roles:MB
This will install Exchange 2019 with all prerequisites automatically!
Then you should see the installation move on it’s way:
After completion, reboot the server, and try to connect to OWA and ECP like usual.
If you ex. run Exchange 2019 i Windows Server Core, it would be great to launch Exchange Powershell module automatically, everytime you launch Powershell on the core server. This can easily be done with this command:
“Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;”
This works for Exchange 2013, 2016 and 2019