Fixed issues

Issues resolved in build 396:

  • NC-30903 [Authentication] STAS configuration can be edited through the GUI on AUX machine.
  • NC-50703 [Authentication] Access server restarted with coredump using STAS and Chrome SSO.
  • NC-50716 [Authentication] Cannot import LDAP server through the XMLAPI if client certificate is "None".
  • NC-54689 [Authentication] Support download certificate for iOS 13 and above.
  • NC-55277 [Authentication] Service "Chromebook SSO" is missing on Zone page.
  • NC-51660 [Backup-Restore] Restore failed using a backup of XG135 on SG230 appliance.
  • NC-55015 [Bridge] Wi-Fi zone is not displayed while creating bridge.
  • NC-55356 [Bridge] TCP connection fails for VLAN on bridge with HA Active-Active when source_client IP address is odd.
  • NC-52616 [Certificates] Add support for uploading of CRLs in DER format.
  • NC-55739 [Certificates] EC certificate shows up as "RSA" in SSLx CA certificate drop-down list.
  • NC-55305 [CM (Zero Touch)] System doesn't restart on changing time zone when configured through ZeroTouch.
  • NC-55617 [CM (Zero Touch)] Wrong error message in log viewer after ZeroTouch process.
  • NC-55909 [Core Utils] Unable to see application object page on SFM.
  • NC-30452 [CSC] Dynamic interface addresses not showing on AUX after failover.
  • NC-55386 [Dynamic Routing (PIM)] PIM-SM import fails with LAG as dependent entity.
  • NC-55625 [Dynamic Routing (PIM)] In HA with multicast interface, routes are not getting updated in the AUX routing table.
  • NC-55461 [Email] After adding or editing FQDN host with smarthost, it is not displayed on the list until the page is refreshed.
  • NC-58898 [Email] Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503).
  • NC-55635 [Firewall] Display filter for forwarded traffic is not working properly on packet capture page.
  • NC-55657 [Firewall] HA backup restore fails when port name is different in backup and appliance.
  • NC-55884 [Firewall] IPS policy ID and appfilter ID not displaying in firewall allow log in the log viewer.
  • NC-55943 [Firewall] Failed to resume existing connection after removal of heartbeat from firewall configuration.
  • NC-57084 [Firewall] Custom DMZ not listed in dedicated link HA configuration.
  • NC-44938 [Firmware Management, UX] Web UI does not show reasons for firmware upload failure.
  • NC-55756 [Gateway Management] Gateway isn't deleted from SFM UI after being deleted from SFM.
  • NC-55552 [HA] WWAN interface showing in HA monitoring ports.
  • NC-55281 [Import-Export Framework] Full configuration import fails when using third-party certificate for webadmin setting.
  • NC-55171 [Interface Management] VLAN Interface IP is not assigned via DHCP when gateway name uses some special characters.
  • NC-55442 [Interface Management] DNS name lookup showing incorrect message.
  • NC-55462 [Interface Management] Import fails on configuring Alias over VLAN.
  • NC-55659 [Interface Management] Invalid gateway IP and network IP configured using API for IPv6.
  • NC-56733 [Interface Management] Patch PPPd (CVE-2020-8597).
  • NC-51776 [IPS Engine] Edit IPS custom rule protocol doesn't work after creation.
  • NC-51558 [IPsec] Add warning message before deleting xfrm IPsec tunnel.
  • NC-55309 [Logging] Local ACL rule not created through log viewer for IPv4 and IPv6.
  • NC-50413 [Logging Framework] Gateway up event log for PPPoE interface not always shown in the log viewer.
  • NC-55346 [Logging Framework] Clear All for "Content filtering" does not clear SSL/TLS filter option.
  • NC-56831 [Policy Routing] SIP traffic doesn't work at times with SD-WAN policy route.
  • NC-46009 [SecurityHeartbeat] Spontaneous reconnect of many endpoints.
  • NC-51562 [SecurityHeartbeat] Heartbeat service not started after HA failover.
  • NC-52225 [Synchronized App Control] SAC page loading issues as the list of apps increases.
  • NC-54078 [UI Framework] Internet Explorer UI issue on certain rules and policies pages.
  • NC-56821 [Up2Date Client] SSL VPN downloading with 0 KB.
  • NC-54007 [Web] File type block messages sometimes contain mimetype rather than file type.
  • NC-60108 [API Framework] Pre-auth SQLi in API interface OPCODE.
  • NC-59156 [CSC] Traffic not passing after upgrade to SF 18.0 MR1.
  • NC-59300 [Email] Blind pre-auth SQLi in spxd on port 8094.
  • NC-23160 [Firewall] LAN test failed in Port3 in SFLoader for 125/135 desktop model.
  • NC-59586 [Network Utils] Remove MD5 remnant.
  • NC-46109 [RED] No proper forwarding if bridging 3 or more RED site-to-site tunnels on XG Firewall.
  • NC-50796 [RED] All RED site-to-site tunnels restart when configuring one RED interface.
  • NC-60162 [Reporting] Error 500 displayed for web admin console and user portal after HF4.1 applied on virtual XG Firewall.
  • NC-60171 [Security, UI Framework] Admin to super admin privilege escalation.
  • NC-59427 [SFM-SCFM] SQLi in user portal.
  • NC-59932 [UI Framework] Unable to sign in to the user portal or web admin console using IE after HF4.1.
Issues resolved in build 379:
  • NC-59408 [API Framework, UI Framework] SQLi prevention in hybrid request - ORM fields and mode parameters (CVE-2020-12271).
  • NC-58898 [Email] Potential RCE through heap overflow in awarrensmtp (CVE-2020-11503).
  • NC-59300 [Email] Blind pre-auth SQLi in spxd on port 8094.
  • NC-59454 [UI Framework] Enable apache access logs.

Issues resolved in build 354:

  • NC-57910 [Base System (deprecated)] Unable to upgrade from 17.5 MR9 to 18.0 GA.
  • NC-56732 [Firewall] Kernel panic after update to 18.0 GA due to SSLVPN.
  • NC-57067 [IPsec] Sophos Connect lease doesn't support more than 255 IP addresses in the address range.

Issues resolved in build 339:

  • NC-54339 [Config Migration Framework] 17.5 MR10 to 18.0 GA migration support
  • NC-56550 [Policy Routing] SD-WAN policy routing screen smudge with blue strip
  • NC-56201 [RED] Backup/Restore failure from 17.5 MR9 to 18.0 with specific RED configuration
  • NC-56397 [Web] Certificate error received by the user

Issues resolved in build 321:

  • NC-33664 [App Signature] Unable to block Psiphon
  • NC-42675 [Authentication] access_server returns 'Login Failed' if two awarrenhttp threads call in at same time
  • NC-44686 [Authentication] Import/export of AUTHCTA has missing and incorrect values
  • NC-48116 [Authentication] Importing users via csv file with special character in password fails
  • NC-50521 [Authentication] User group assignment issue with LDAP users
  • NC-54642 [Authentication] Authentication not working due to high CPU utilization of access_server
  • NC-50136 [Backup-Restore] ISP failover for 2 PPPoE connections is not working for local LAN systems
  • NC-51979 [Backup-Restore] Can't reflect time zone from restoring backup file after factory resetting
  • NC-32336 [Base System] gpg vulnerability (CVE-2018-12020)
  • NC-42490 [Base System] Validation function for legacy objects does not get called
  • NC-55640 [Bridge] Firewall rule id not matching if traffic is going into wifi interface
  • NC-45935 [Certificates] Fingerprint not updated on Default CA regenerate event
  • NC-49023 [Certificates] Webproxy signing with non default certificate when using HTTPS Scanning
  • NC-54562 [Certificates] CAs are missing after update from v18 EAP2 to EAP3
  • NC-29869 [Clientless Access(HTTP/HTTPS)] "Internal Server Error" after adding many VPN bookmarks
  • NC-48516 [Config Migration Framework] Configuration migration log on console is wrong in case of failed migration
  • NC-55270 [Config Migration Framework] Report migration failed
  • NC-49648 [CSC] API Get BridgePair requests sometimes report incorrectly "No. of records Zero."
  • NC-52857 [CSC] One time scheduler doesn't work as expected in case of DST
  • NC-51717 [DDNS, Email] DDNS uses wrong IP when interface is configured with PPPoE + Alias
  • NC-38763 [DHCP] IP not leased to DHCP only interface when update from stateless
  • NC-38795 [DHCP] IPv6 not removed from DB while disable DHCPv6 manage flags from RA server
  • NC-38930 [DHCP] Editing DHCPv6 interface with auto configuration does not get IP from DHCPv6 server
  • NC-39157 [DHCP] DHCPv6 client option "Accept other configuration from DHCP" is not working
  • NC-50214 [DHCP] DHCP server dead with specific configuration
  • NC-51957 [Documentation] Showing fastpath load failed with command "console> system firewall-acceleration show"
  • NC-48712 [Email] Antivirus service in stopped state, cannot recover it
  • NC-51340 [Email] Mailscanner child process causing OOM events when editing blocked senders list
  • NC-51347 [Email] Error message "undefined" received when trying to add host
  • NC-51883 [Email] API error 599 when performing GetRequest for various email modules
  • NC-52212 [Email] Reject/Drop action not work correctly for oversized mails
  • NC-53016 [Email] Email Blocked Senders cannot be updated
  • NC-55138 [Email] SAVI AV update failed
  • NC-22659 [Firewall] IPtable chains not created for firewall rule whose name contains blackslash '\\\\\'
  • NC-30482 [Firewall] DNAT rules stop working after every reboot when migrating from UTM to SFOS
  • NC-36616 [Firewall] Firewall group not available in APIhelpdoc
  • NC-37775 [Firewall] Configuring over 20 time schedulers on the various firewall rules is causing CSC freeze
  • NC-43017 [Firewall] Full config export does not include Security Policy group
  • NC-43415 [Firewall] In the firewall rule, types of services are not translated
  • NC-48803 [Firewall] Virtual Host update is calling on every FQDN IP update even its not used in virtual host configuration
  • NC-49101 [Firewall] Group description delete issue in firewall
  • NC-49678 [Firewall] Default ICMP service not matching in policy test tool
  • NC-50222 [Firewall] Firewall rule position display is incorrect on rule deletion
  • NC-50549 [Firewall] Drop packet does not show all the information for firewall rule ID 0 drop compare to v17.5
  • NC-50712 [Firewall] NAT rules UI error
  • NC-50949 [Firewall] Wrong ARP behavior in relation to DNAT rules
  • NC-51867 [Firewall] Denied firewall logs send to garner for allowed firewall rule even if logging is disabled
  • NC-51964 [Firewall] DNAT rule stopped working after every reboot
  • NC-52395 [Firewall] Getting wrong username in admin event for firewall rule group name update
  • NC-52429 [Firewall] Web access lost for 10+ minutes after HA fail-over
  • NC-52638 [Firewall] WAF is not able to connect to webserver via IPsec tunnel
  • NC-52662 [Firewall] Continuous receiving 'fw_fp_invalidate_microflows:459: Queueing invalidate work ffff8801ed1bb5c0' error in syslog
  • NC-52853 [Firewall] Observed feedback channel plugin of garner core dump on XG330
  • NC-52873 [Firewall] Kernel warning message 'RIP: 0010:tcp_send_loss_probe+0x13f/0x1c0' observed in syslog
  • NC-53364 [Firewall] Firewall rules are not getting created correctly using XML API
  • NC-53988 [Firewall] Kernel panic on XG450 appliance
  • NC-54038 [Firewall] Wrong notification message displayed after disabling firewall rule
  • NC-55261 [Firewall] Appliance crashing with Kernel Panic
  • NC-55789 [Firewall] Ipuser ipset dumps when user is authenticated via STAS
  • NC-47482 [Firmware Management] Firmware mismatch issue - both firmware slots showing same firmware
  • NC-52441 [Firmware Management] Some time firmware 'install' opcode getting timeout and installation failed
  • NC-38800 [HA] Incorrect error message when configure HA A-A with DHCP interface
  • NC-39015 [HA] Unable to configure peer administration port for HA A-P when one of IP family of the interface is Dynamic IP assignment
  • NC-30485 [Import-Export Framework] Export full configuration some time fails with error - 'The request could not be completed'
  • NC-39229 [Interface Management] XG unsynced with SFM when unbind any interface from SFM
  • NC-46514 [Interface Management] Cyberoam backup restore fails when DHCPv6 interface configured
  • NC-48450 [Interface Management] Table for interface widget is not visible in control center page
  • NC-49938 [Interface Management] Some time traffic drop in bridge mode
  • NC-48956 [IPS Engine] Modify IPS TCP Anomaly Detection setting to disabled in default setting
  • NC-53875 [IPS Engine] IPS keeps getting started because of page allocation failure
  • NC-51568 [IPS-DAQ] Coredump in snort
  • NC-52085 [IPS-DAQ] Wget not working for IPv6 sites in bridge mode - SSL decrypt not working
  • NC-53363 [IPS-DAQ] Internet traffic hang and all traffic dropped
  • NC-52641 [IPS-DAQ-NSE] IPS Service DEAD
  • NC-54310 [IPS-DAQ-NSE] CC terminals not establish a connection with server
  • NC-29370 [IPsec] Tunnel is getting established even though PFS is disabled on the VPN client side and enabled in SFOS IPsec profile
  • NC-49919 [IPsec] Dgd service stopped and unable to start
  • NC-33848 [LAG] LAG advanced options not working when LAG is member of Bridge
  • NC-40683 [LAG] LAG active mode import-export is not working
  • NC-52090 [Logging] LogViewer: "Action is not Allowed" filtering not working in detailed view
  • NC-52762 [Logging] LogViewer: system mentioned in upper case
  • NC-46114 [Logging Framework] Improper input validation and email notification after failed login (Webadmin, SSH, ...)
  • NC-50127 [Logging Framework] Garner coredump in HA setup at handle_sync_input
  • NC-51942 [Logging Framework] Policy Test Tool not working if firewall rule created with destination network as country or country group
  • NC-37839 [nSXLd] Proxy authentication is not cleared after config reload
  • NC-37841 [nSXLd] Keywords are not deleted when custom web category is deleted
  • NC-54525 [RED] S2S RED tunnel doesn't established on SFOS after EAP2 to EAP3 upgrade
  • NC-28022 [Reporting] Incomplete field names on data anonymization page
  • NC-42864 [Reporting] Reports downloaded in PDF format have logo too close to the first line in most pages
  • NC-43183 [Reporting] When data anonymization is enabled, scheduled reports are showing "Not available" instead of anonymized string
  • NC-45154 [Reporting] Cannot specify hour and minute properly in Detailed Custom Reports
  • NC-45236 [Reporting] Reports sent 1 hour later than scheduled
  • NC-46178 [Reporting] "Web Risks & Usage Visibility" not showing any data
  • NC-49273 [Reporting] Filtering on blocked user activities not working as expected
  • NC-52120 [Reporting] Daily Reports are received but it delayed by different time
  • NC-52125 [Reporting] UTQ user data is empty in SAR report but populated in GUI dashboard report
  • NC-53072 [Reporting] Events reports (Admin, Authentication and System) are not generating due to db query for insert query getting failed
  • NC-53369 [Reporting] Application Categories shown as "Unclassified"
  • NC-54177 [Reporting] UTQ not generating due to change in web categories names
  • NC-48718 [Service Object] Unable to edit service object that is assigned to a firewall rule
  • NC-47585 [SFM-SCFM] Backedup 'central reporting' config is not maintained after Restoring config
  • NC-53043 [SNMP] Wrong data is displayed in SNMP query for CPU usage
  • NC-47348 [SSLVPN] LogViewer logs are not generated for ssl vpn connection up or down events
  • NC-55228 [SSLVPN] Site2site - SSLVPN client in HA is not initiating connection after active node shut down
  • NC-54150 [Static Routing] Data insertion is failing if large number of connections are present and Live Connection page is loaded
  • NC-54314 [Static Routing] Negative value is displayed in upstream/downstream bandwidth column
  • NC-51673 [UI Framework] User portal redirect loop when using non-standard port
  • NC-55193 [VFP-Firewall] Port self test reboots appliance - V18 fastpath
  • NC-23045 [WAF] WAF - Increase default TLS version to v1.2
  • NC-51952 [WAF] WAF firewall rule update failed after migration from 17.5 MR8 to 18.0 EAP1
  • NC-55034 [WAF] Web server timeout of 0 leads to syntax error in reverseproxy.conf
  • NC-51156 [Web] Dynamic app filter rules which do not contain any applications is enforced for all applications in WIS
  • NC-53402 [Web] Appliance auto reboot due to OOM (out of memory)
  • NC-53709 [Web] Tiktok video not working with plain firewall rule with SSL/TLS enabled
  • NC-54421 [Web] SSLx Exception based on SAC does not work
  • NC-44346 [WWAN] Celullar WAN does not takeover again on failover