Now it’s done, here are the full release notes:
- SF 18.0 GA (18.0.0.321)
News
- Feature Release
- .
- Xstream Architecture (Xstream SSL Inspection, Xstream DPI Engine, Xstream Network Flow FastPath)
- SD-WAN Policy-based Routing enhancements, SD-WAN Application Routing and Synchronized SD-WAN
- Sandstorm Threat Intelligence Analysis and Reporting
- Sophos Central Firewall Reporting and Management
- NAT Enhancements
- Firewall Rules Management Improvements
- Route-based VPN
- High Availability (HA) Enhancements
- Email or SNMP Alerts and Notifications and SNMPv3
- Radius Timeout with Two-Factor Authentication
- Actionable Log Viewer
- Bridge Interface Enhancements (ARP broadcasts, Spanning Tree Protocol (STP) traffic, and filter non-IP protocols)
- Advanced inter-VLAN routing and bridging (VLANs on Bridge)
- Flow Monitoring Improvements
- Interface Renaming
- Secure Syslog and Logs in the Standard Syslog Format
- VMware Tools (v10.3.10) Upgrade and Integration With VMware Site Recovery Manager (SRM)
- Jumbo Frame Support
- Enhanced DDNS Support
- Kerberos Authentication and NTLM
- Intelligent IPS Signature Selection
- Browsing quotas in web policies
- Wildcard Domain Support in WAF
- DKIM and BATV Anti-Spam Protection
- .
- For more details, please refer release notes here https://docs.sophos.com/nsg/sophos-firewall/18.0/releasenotes/en-us/nsg/sfos/releasenotes/rn_NewFeatures.html
Resolved issues
- NC-33664 [App Signature] Unable to block Psiphon
- NC-42675 [Authentication] access_server returns ‘Login Failed’ if two awarrenhttp threads call in at same time
- NC-44686 [Authentication] Import/export of AUTHCTA has missing and incorrect values
- NC-48116 [Authentication] Importing users via csv file with special character in password fails
- NC-50521 [Authentication] User group assignment issue with LDAP users
- NC-54642 [Authentication] Authentication not working due to high CPU utilization of access_server
- NC-50136 [Backup-Restore] ISP failover for 2 PPPoE connections is not working for local LAN systems
- NC-51979 [Backup-Restore] Can’t reflect time zone from restoring backup file after factory resetting
- NC-32336 [Base System (deprecated)] gpg vulnerability (CVE-2018-12020)
- NC-42490 [Base System (deprecated)] Validation function for legacy objects does not get called
- NC-55640 [Bridge] Firewall rule id not matching if traffic is going into wifi interface
- NC-45935 [Certificates] Fingerprint not updated on Default CA regenerate event
- NC-49023 [Certificates] Webproxy signing with non default certificate when using HTTPS Scanning
- NC-54562 [Certificates] CAs are missing after update from v18 EAP2 to EAP3
- NC-29869 [Clientless Access(HTTP/HTTPS)] “Internal Server Error” after adding many VPN bookmarks
- NC-48516 [Config Migration Framework] Configuration migration log on console is wrong in case of failed migration
- NC-55270 [Config Migration Framework] Report migration failed
- NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly “No. of records Zero.”
- NC-52857 [CSC] One time scheduler doesn’t work as expected in case of DST
- NC-51717 [DDNS, Email] DDNS uses wrong IP when interface is configured with PPPoE + Alias
- NC-38763 [DHCP] IP not leased to DHCP only interface when update from stateless
- NC-38795 [DHCP] IPv6 not removed from DB while disable DHCPv6 manage flags from RA server
- NC-38930 [DHCP] Editing DHCPv6 interface with auto configuration does not get IP from DHCPv6 server
- NC-39157 [DHCP] DHCPv6 client option “Accept other configuration from DHCP” is not working
- NC-50214 [DHCP] DHCP server dead with specific configuration
- NC-51957 [Documentation] Showing fastpath load failed with command “console> system firewall-acceleration show”
- NC-48712 [Email] Antivirus service in stopped state, cannot recover it
- NC-51340 [Email] Mailscanner child process causing OOM events when editing blocked senders list
- NC-51347 [Email] Error message “undefined” received when trying to add host
- NC-51883 [Email] API error 599 when performing GetRequest for various email modules
- NC-52212 [Email] Reject/Drop action not work correctly for oversized mails
- NC-53016 [Email] Email Blocked Senders cannot be updated
- NC-55138 [Email] SAVI AV update failed
- NC-22659 [Firewall] IPtable chains not created for firewall rule whose name contains blackslash ‘\\\\\’
- NC-30482 [Firewall] DNAT rules stop working after every reboot when migrating from UTM to SFOS
- NC-36616 [Firewall] Firewall group not available in APIhelpdoc
- NC-37775 [Firewall] Configuring over 20 time schedulers on the various firewall rules is causing CSC freeze
- NC-43017 [Firewall] Full config export does not include Security Policy group
- NC-43415 [Firewall] In the firewall rule, types of services are not translated
- NC-48803 [Firewall] Virtual Host update is calling on every FQDN IP update even its not used in virtual host configuration
- NC-49101 [Firewall] Group description delete issue in firewall
- NC-49678 [Firewall] Default ICMP service not matching in policy test tool
- NC-50222 [Firewall] Firewall rule position display is incorrect on rule deletion
- NC-50549 [Firewall] Drop packet does not show all the information for firewall rule ID 0 drop compare to v17.5
- NC-50712 [Firewall] NAT rules UI error
- NC-50949 [Firewall] Wrong ARP behavior in relation to DNAT rules
- NC-51867 [Firewall] Denied firewall logs send to garner for allowed firewall rule even if logging is disabled
- NC-51964 [Firewall] DNAT rule stopped working after every reboot
- NC-52395 [Firewall] Getting wrong username in admin event for firewall rule group name update
- NC-52429 [Firewall] Web access lost for 10+ minutes after HA fail-over
- NC-52638 [Firewall] WAF is not able to connect to webserver via IPsec tunnel
- NC-52662 [Firewall] Continuous receiving ‘fw_fp_invalidate_microflows:459: Queueing invalidate work ffff8801ed1bb5c0’ error in syslog
- NC-52853 [Firewall] Observed feedback channel plugin of garner core dump on XG330
- NC-52873 [Firewall] Kernel warning message ‘RIP: 0010:tcp_send_loss_probe+0x13f/0x1c0’ observed in syslog
- NC-53364 [Firewall] Firewall rules are not getting created correctly using XML API
- NC-53988 [Firewall] Kernel panic on XG450 appliance
- NC-54038 [Firewall] Wrong notification message displayed after disabling firewall rule
- NC-55261 [Firewall] Appliance crashing with Kernel Panic
- NC-55789 [Firewall] Ipuser ipset dumps when user is authenticated via STAS
- NC-47482 [Firmware Management] Firmware mismatch issue – both firmware slots showing same firmware
- NC-52441 [Firmware Management] Some time firmware ‘install’ opcode getting timeout and installation failed
- NC-38800 [HA] Incorrect error message when configure HA A-A with DHCP interface
- NC-39015 [HA] Unable to configure peer administration port for HA A-P when one of IP family of the interface is Dynamic IP assignment
- NC-30485 [Import-Export Framework] Export full configuration some time fails with error – ‘The request could not be completed’
- NC-39229 [Interface Management] XG unsynced with SFM when unbind any interface from SFM
- NC-46514 [Interface Management] Cyberoam backup restore fails when DHCPv6 interface configured
- NC-48450 [Interface Management] Table for interface widget is not visible in control center page
- NC-49938 [Interface Management] Some time traffic drop in bridge mode
- NC-48956 [IPS Engine] Modify IPS TCP Anomaly Detection setting to disabled in default setting
- NC-53875 [IPS Engine] IPS keeps getting started because of page allocation failure
- NC-51568 [IPS-DAQ] Coredump in snort
- NC-52085 [IPS-DAQ] Wget not working for IPv6 sites in bridge mode – SSL decrypt not working
- NC-53363 [IPS-DAQ] Internet traffic hang and all traffic dropped
- NC-52641 [IPS-DAQ-NSE] IPS Service DEAD
- NC-54310 [IPS-DAQ-NSE] CC terminals not establish a connection with server
- NC-29370 [IPsec] Tunnel is getting established even though PFS is disabled on the VPN client side and enabled in SFOS IPsec profile
- NC-49919 [IPsec] Dgd service stopped and unable to start
- NC-33848 [LAG] LAG advanced options not working when LAG is member of Bridge
- NC-40683 [LAG] LAG active mode import-export is not working
- NC-52090 [Logging] LogViewer: “Action is not Allowed” filtering not working in detailed view
- NC-52762 [Logging] LogViewer: system mentioned in upper case
- NC-46114 [Logging Framework] Improper input validation and email notification after failed login (Webadmin, SSH, …)
- NC-50127 [Logging Framework] Garner coredump in HA setup at handle_sync_input
- NC-51942 [Logging Framework] Policy Test Tool not working if firewall rule created with destination network as country or country group
- NC-37839 [nSXLd] Proxy authentication is not cleared after config reload
- NC-37841 [nSXLd] Keywords are not deleted when custom web category is deleted
- NC-54525 [RED] S2S RED tunnel doesn’t established on SFOS after EAP2 to EAP3 upgrade
- NC-28022 [Reporting] Incomplete field names on data anonymization page
- NC-42864 [Reporting] Reports downloaded in PDF format have logo too close to the first line in most pages
- NC-43183 [Reporting] When data anonymization is enabled, scheduled reports are showing “Not available” instead of anonymized string
- NC-45154 [Reporting] Cannot specify hour and minute properly in Detailed Custom Reports
- NC-45236 [Reporting] Reports sent 1 hour later than scheduled
- NC-46178 [Reporting] “Web Risks & Usage Visibility” not showing any data
- NC-49273 [Reporting] Filtering on blocked user activities not working as expected
- NC-52120 [Reporting] Daily Reports are received but it delayed by different time
- NC-52125 [Reporting] UTQ user data is empty in SAR report but populated in GUI dashboard report
- NC-53072 [Reporting] Events reports (Admin, Authentication and System) are not generating due to db query for insert query getting failed
- NC-53369 [Reporting] Application Categories shown as “Unclassified”
- NC-54177 [Reporting] UTQ not generating due to change in web categories names
- NC-48718 [Service Object] Unable to edit service object that is assigned to a firewall rule
- NC-47585 [SFM-SCFM] Backedup ‘central reporting’ config is not maintained after Restoring config
- NC-53043 [SNMP] Wrong data is displayed in SNMP query for CPU usage
- NC-47348 [SSLVPN] LogViewer logs are not generated for ssl vpn connection up or down events
- NC-55228 [SSLVPN] Site2site – SSLVPN client in HA is not initiating connection after active node shut down
- NC-54150 [Static Routing] Data insertion is failing if large number of connections are present and Live Connection page is loaded
- NC-54314 [Static Routing] Negative value is displayed in upstream/downstream bandwidth column
- NC-51673 [UI Framework] User portal redirect loop when using non-standard port
- NC-55193 [VFP-Firewall] Port self test reboots appliance – V18 fastpath
- NC-23045 [WAF] WAF – Increase default TLS version to v1.2
- NC-51952 [WAF] WAF firewall rule update failed after migration from 17.5 MR8 to 18.0 EAP1
- NC-55034 [WAF] Web server timeout of 0 leads to syntax error in reverseproxy.conf
- NC-51156 [Web] Dynamic app filter rules which do not contain any applications is enforced for all applications in WIS
- NC-53402 [Web] Appliance auto reboot due to OOM (out of memory)
- NC-53709 [Web] Tiktok video not working with plain firewall rule with SSL/TLS enabled
- NC-54421 [Web] SSLx Exception based on SAC does not work
- NC-44346 [WWAN] Celullar WAN does not takeover again on failover