Sophos released MR5 today, MR4 was “skipped” due to it’s use was just for the factory to support new hardware:

It’s a big maintenance release as you can see. For my use case, I have a lot of IPSEC issues that I look forward to be fixed here

Release notes (From community: https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-0-5-mr5-released):

Note: There are a few edge cases where some customers may still experience issues using multiple subnets with a single IPSec connection.  The team is working on those and all the last known issues should be addressed in MR6 which is expected to follow very soon.

Issues Resolved

• NC-23258 [API] System debug logs should not contain sensitive information
• NC-21429 [Authentication] Users don’t show the correct properties from their group after auto-creation
• NC-21820 [Authentication] Make Access Server port (6060) use IP_PKTINFO
• NC-22770 [Authentication] User role cannot change to Administrator for AD Users
• NC-22935 [Authentication] Users are unable to login with CAA
• NC-27199 [Authentication] Access Server crashes with eDirectory
• NC-20765 [Base System] If several SNMP communities exist with same name in XG, all are deleted if you delete one
• NC-22276 [Base System] SNMP Walk delivering inconsistent information
• NC-22323 [Base System] Garner fails to log when multiple threads call gr_io simultaneously
• NC-23073 [Base System] iView v3 doesn’t display any email usage data
• NC-26730 [API, Base System] Unable to change admin password through API
• NC-25793 [Clientless Access] File browser does not load if directory contains a hardlink
• NC-25852 [Clientless Access] UI dialog doesn’t reset after closing and reopen
• NC-21823 [Authentication, Firewall] Live users only displaying 8192 users
• NC-22738 [Firewall, Performance] Firewall page load time increases after adding firewall groups
• NC-22878 [Firewall] Allow user to edit rule while double clicking on the rule
• NC-23254 [Firewall] In TAP mode, management interface doesn’t respond when same traffic is seen on TAP and MGMT
• NC-25628 [Firewall] Appliance inaccessible after restoring backup file from 16.5 MR8 to 17 MR1
• NC-25724 [Firewall] Special character “|” allowed in firewall rule name but then does not allow moving firewall rule within the group
• NC-25965 [Firewall] Unable to delete a proxy-arp entry
• NC-25970 [Framework(UI)] Change React.js to production mode in SFOS release builds
• NC-23212 [HA] Wrong Dedicated Link value is displayed after saving HA Auxiliary configuration
• NC-23077 [Hotspot] Changing hotspot customization type from Full to Basic or Basic to full, removes default voucher template
• NC-26137 [Hotspot] Interfaces not listed correctly for hotspot configuration
• NC-22572 [IPS] “Status” value is empty for IPS logs in log viewer
• NC-26882 [IPS] User can not add IPS Policy Rules to SF with ‘Smart Filter’ option enabled in any IPS policy using SFM
• NC-27230 [IPS] IPS service is in dead state
• NC-23016 [IPsec] RSA connection not working without remote ID and remote gateway ‘*’
• NC-26152 [IPsec] IKEv2 initiator does not try forever if rekeying tries = 0
• NC-26338 [IPsec] VPN failover timeout takes too long
• NC-26339 [IPsec] Remote access with IPsec/PSK can’t be established
• NC-26354 [IPsec] IPsec UP notifications are being sent even though the tunnel is UP for IKEv2
• NC-26582 [IPsec] IPSec tunnel not reinitiated after PPPoE reconnect
• NC-26634 [IPsec] Add validation message for PSK connections with remote ‘*’
• NC-26888 [IPsec] UI – Hostname beginning with a number for VPN remote gateway address is not accepted
• NC-26988 [IPsec] VPN connection can’t be established if the PSK is very long
• NC-26998 [IPsec] Webadmin is very slow after update to SF v17 MR3
• NC-27030 [IPsec] System unresponsive after enabling non-establishing IPsec connections
• NC-27255 [IPsec] 64 characters PSK gets truncated to 57 characters
• NC-26100 [Logging] Typo in “Missing Heartbeat” in log viewer
• NC-19417 [Mail Proxy] Emails have the banner as an attachment instead of inline in the message
• NC-22816 [Mail Proxy] Unable to release quarantined emails – ‘Bad Request’ received
• NC-23049 [Mail Proxy] “Release” link in quarantine digest not obeying configuration settings when SF in HA (A-A)
• NC-25705 [Mail Proxy] Antivirus fails to start after downgrade from v17.0 MR2 to v16
• NC-25808 [Mail Proxy] AwarrenMTA: few mails appear on queue after delivery (DB query fails due to special character)
• NC-26061 [Mail Proxy] IP reputation check is skipped when clubbed with ‘recipient verification’ policy
• NC-26750 [Mail Proxy] RBL scan should be skipped if IP address is in Allowed IP address list
• NC-26773 [Mail Proxy] Incorrect values shown for disk utilization for SMTP quarantine
• NC-21877 [Networking] Remove limit for static IP-MAC mapping in DHCP
• NC-22792 [Networking] Full import export is failing due to specific invalid dhcp config
• NC-25395 [Networking] Wrong port OUT marked while using of primary and secondary gateway
• NC-23178 [nSXLd] URL categorization look up fails
• NC-23206 [nSXLd] Unable to save domain info in customized web categories
• NC-26080 [Reporting] “Internal Server Error” while accessing Web Admin
• NC-25589 [SSLVPN] Username with ‘@’ is not displayed correctly in SSL VPN Client
• NC-22961 [Synchronized App Control] Add customized apps to the “categorized” widget in control center
• NC-25309 [Synchronized App Control] Timestamps for last occurrence should not show seconds
• NC-25950 [Synchronized App Control] Endpoint name is shown wrong after upgrade to MR-2
• NC-25953 [Synchronized App Control] Normalized path is shown instead of filename after upgrade to MR-2
• NC-22750 [UI] Control Center – text wrapped and appears on two lines in Japanese language
• NC-26242 [UI] Web Server Protection >> General Settings tab is not displayed in some languages
• NC-26340 [Up2date Client] Message “New firmware available for AP” shown on dashboard although version is already installed
• NC-21760 [WAF] Ruleid is not set in case of HTTPS host mismatch
• NC-25461 [WAF] Additional cookie from WAF is added without HttpOnly detail
• NC-25633 [WAF] Unable to edit/save WAF rule
• NC-18732 [IPS, Web] Load average is going high on CR300iNG with SFOS v16.5 & v17.0 GA
• NC-22030 [Web] Policy tester does not allow multicast addresses in the URL
• NC-22752 [Web] Range requests cannot download files larger than 2GB
• NC-22993 [Web] TeamViewer not working after upgrading to 16.5 MR7
• NC-23061 [Web] Content Filter details are not displayed with languages other than English
• NC-23082 [Web] Garner segfault occurred in feedback channel plug-in
• NC-25356 [Web] High memory utilization increasing daily on XG430
• NC-25370 [Web] Web Proxy does not work correctly when application filter is set to “Synchronized App Control”
• NC-25397 [Web] Logout option disappears from Captive Portal page
• NC-25582 [Web] Range header in requests should not be validated when AV scanning is not required
• NC-25771 [Web] Gmail: Email attachment upload failed with HTTPS scanning
• NC-26352 [Web] Outlook cert error in explicit mode on dns failures
• NC-25687 [Wireless] Built-in AP is not broadcasting unless it is configured in a separate zone
• NC-26380 [Wireless] Wrong wireless AP status displayed in Control Center