NC-125331 |
Authentication |
Azure AD SSO captive portal authentication is stuck when the web proxy listening
port isn't 3128. |
NC-125589 |
DHCP, DHCP PD |
On-link and autonomous settings are turned off in automatically created RA server
for delegated interface. |
NC-125595 |
DHCP, DHCP PD |
Incorrect error message when creating downstream interface with invalid subnet ID.
|
NC-124414 |
Email |
SPX password exposure in plain text (CVE-2023-5552). |
NC-125369 |
Email |
Exim libspf2 vulnerability (CVE-2023-42118). |
NC-125221 |
RED |
RED doesn't establish site-to-site tunnels when RED server enforces TLS 1.2. |
NC-119334 |
Backup-Restore |
The backup download button is unresponsive. |
NC-118460 |
Dynamic Routing (PIM) |
Clicking PIM-SM interface table shows the error "Unable to read routing
information". |
NC-116220 |
Email |
Awarrensmtp was in failed status, and inbound email wasn't delivered, but a
non-delivery report wasn't sent to senders. |
NC-117638 |
Email |
Emails are quarantined even if the sender address is added in exception. |
NC-124102 |
Email |
Unable to turn off legacy TLS protocols. |
NC-107708 |
Firewall |
Firewall restarts automatically (RIP 0010muser_match+0x747). |
NC-120016 |
Firewall |
Local ACL doesn't work when the name contains the backslash character. |
NC-113034 |
Hardware |
Lost device access to XGS appliances, and logs aren't available. |
NC-116002 |
IPsec, SDWAN Routing |
Branch office users unable to receive an email, mail is slow, IPsec traffic is slow.
|
NC-122180 |
Licensing |
Unable to access web admin console due to license synchronization issue. |
NC-122699 |
nSXLd |
Adding a trailing period at the end of the domain bypasses web policies. |
NC-122511 |
RED |
Vulnerability detected on port 3400. |
NC-119192 |
VFP-Firewall |
Slow speed using Virtio NICs. |
NC-119052 |
WAF |
WAF protection policy's display issue on the web admin console. |
NC-121432 |
WAF |
The /tmp directory doesn't remove files and runs out of space, causing AV scan
failure. |
NC-121415 |
Web |
AVD stops responding after a pattern update because a thread isn't released. |
NC-119829 |
WWAN |
Verizon Mifi 4G USB modem (U620L) doesn't work after an upgrade to 19.5 MR2. |
NC-114104 |
AppFilter Policy |
Application filter policy set to block all applications loses risk criteria when the
template is pushed from Sophos Central. |
NC-107481 |
Authentication |
Log viewer doesn't show the source IP address for authenticated SSL VPN users. |
NC-110927 |
Authentication |
Missing logs for MFA enable-disable events. |
NC-113532 |
Authentication |
Can't remove authorizers from the data anonymization setting. |
NC-114057 |
Authentication |
Match known users option in firewall rule drops traffic because user identity isn't
being marked. |
NC-114950 |
Authentication |
View usage doesn't work when the username has a single quote, and web admin console
stops responding. |
NC-116602 |
Authentication |
Log viewer doesn't show the source IP address when authentication fails for SSL VPN
Users. |
NC-116880 |
Authentication |
When two-factor authentication is on, SSH keys disappear if they're added by an
administrator other than the default admin. |
NC-116881 |
Authentication |
Uploading a certificate when the admin signs in through Azure AD SSO results in a
sign-out. |
NC-119049 |
Authentication |
access_server stops responding due to missing nsgencode multi-thread support. |
NC-119183 |
Authentication |
Transaction failure for eDirectory authentication server. |
NC-119560 |
Authentication |
Mandatory firmware update through the setup assistant causes the initial setup to
start repeatedly. |
NC-94533 |
Certificates |
Attribute challenge password prevents the issue of a certificate with No-IP. |
NC-119825 |
Certificates |
Unable to download the default certificate from Web > General Settings. Results in a
sign-out when admin clicks the download button. |
NC-102256 |
Clientless Access |
VNCFreeRDP stops responding. |
NC-108378 |
Clientless Access |
Clientless access doesn't work if name contains an umlaut character. |
NC-114627 |
Clientless Access |
Unable to connect to RDP over clientless SSL VPN if the username contains a space.
|
NC-115982 |
CM |
Alert appears in Sophos Central. "Firewall has not checked in with Sophos Central
for the past 5 minutes". |
NC-116312 |
CM |
Garner thread stuck in Central Management plugin. |
NC-118749 |
CM |
Specific API call doesn't work. |
NC-119198 |
CM |
Unable to change the password for admin accounts from Sophos Central Firewall
Management. |
NC-120519 |
CM |
Disable Central Management doesn't work per the firewall's API document. |
NC-108562 |
Core Utils |
Public key authentication for admin can't be managed through Sophos Central. |
NC-117314 |
Core Utils |
SWAP memory usage full. |
NC-107388 |
DDNS |
DDNS logs appear every five minutes. |
NC-111790 |
DHCP |
Unable to configure or edit interfaces. |
NC-113102 |
DHCP |
Unable to add static MAC entry for specific DHCP pool. |
NC-109623 |
Dynamic Routing (BGP) |
BGP-FRR doesn't advertise the configured networks if they aren't available in RIB.
|
NC-115369 |
Dynamic Routing (OSPF) |
OSPF repeatedly flaps when running continuous scan with ICMP echo. |
NC-112492 |
Dynamic Routing (PIM) |
PIMD service doesn't respond. |
NC-107283 |
Email |
Awarrensmpt service doesn't respond. |
NC-108237 |
Email |
Spam emails are allowed with the error "spam scanning failed, unable to connect
local antispam". |
NC-108450 |
Email |
Inbound forwarded emails with attachments aren't delivered because of malware scan
failure. |
NC-109625 |
Email |
Inbound emails from specific domains are quarantined because of DKIM verification
failure. |
NC-110897 |
Email |
Error logs when using Sophos as AV in web server protection policy. |
NC-111023 |
Email |
Legacy email mode stops responding frequently. |
NC-112128 |
Email |
Release link settings can't be saved in quarantine digest. |
NC-113038 |
Email |
Mail communication stopped working after upgrading to 19.5 GA. |
NC-113458 |
Email |
MIME type recognition issues when Zero-day protection is turned on. |
NC-113547 |
Email |
Invalid IP address causes error for notification mails. |
NC-116845 |
Email |
Fix occasional UT error in mailpoller. |
NC-116899 |
Email |
Attachment is allowed even if it's blocked in extension or MIME header. |
NC-117881 |
Email |
Antispam service stops responding. |
NC-120138 |
Email |
EmailUtilityis_valid_messageid is too strict. |
NC-101846 |
Firewall |
Connections fail due to a high number of www in FIN_WAIT. |
NC-108536 |
Firewall |
Firewall rules stopped working after backup-restore due to failure of XML API
through which the firewall rules were created. |
NC-109201 |
Firewall |
Device goes into Failsafe mode after upgrade. Unable to apply firewall framework.
|
NC-112136 |
Firewall |
RED connection interrupted when firewall acceleration is turned on in XG 310. |
NC-116527 |
Firewall |
Entities.xml shows a firewall rule that doesn't appear on the web admin console.
|
NC-116890 |
Firewall |
NAT rule doesn't get marked after the firewall restarts. |
NC-116939 |
Firewall |
Pktcapd bpf filter causing device restart (___bpf_prog_run). |
NC-117063 |
Firewall |
Allowed child connection is logged as dropped. |
NC-118204 |
Firewall, SDWAN Routing |
Static multicast packet changes reply destination when SD-WAN policy is applied.
|
NC-85114 |
Firmware Management |
kworker process continuously uses high CPU on XG 450. |
NC-109689 |
FQDN |
Adding a new FQDN host causes the resolver to restart or stop responding and causes
DNS resolution failure during the time. |
NC-111423 |
FQDN |
FQDN resolving with low TTL (2-5 seconds) is creating an issue with wildcard FQDN
host. |
NC-111476 |
FQDN |
Subdomain learning doesn't work for non-SFOS DNS server set for the client. |
NC-117675 |
Gateway Management |
WWAN gateway update flow updates incorrect monitorid when wwan-gwid isn't the same
as its monitorid. |
NC-109626 |
HA |
Standalone device restarts. Too many open files. |
NC-106738 |
Hotspot |
Sort functionality doesn't work properly for hotspot vouchers in the user portal.
|
NC-119525 |
Hotspot |
Valid until time on hotspot sign-in uses UTC instead of local system time. |
NC-120118 |
Hotspot |
Missing information in hotspot voucher created for users. |
NC-116314 |
Interface Management |
Unable to delete or make changes to bridge interface. |
NC-98796 |
IPS-DAQ |
Coredump during DAQ shutdown due to incorrect order of thread stop. |
NC-107329 |
IPS-DAQ |
Snort shows high CPU usage, resulting in low bandwidth. |
NC-114872 |
IPS-DAQ |
Certificate-based authentication failing for server with small RX win. |
NC-115019 |
IPS-DAQ-NSE |
Firewall locks up. Snort core generated. |
NC-119321 |
IPS-DAQ-NSE |
Slow download speed with SSL/TLS inspection turned on along with malware scanning
even if TLS isn't being decrypted. |
NC-107042 |
IPsec |
IPsec VPN path MTU-related connection issues with IPsec acceleration. |
NC-119047 |
IPsec |
SSL/TLS inspection doesn't work for VPN users. |
NC-119898 |
IPsec |
XFRM tunnel remains disabled when both site-to-site and route-based VPNs are up
simultaneously on the same local-remote gateway pair. |
NC-114411 |
IPS Engine |
IPS policy behavior issue in Sophos Central. |
NC-116448 |
L2TP |
A checkbox isn't visible on the first line for L2TP members. |
NC-112138 |
Licensing |
Licenses not synchronizing. |
NC-107504 |
Logging Framework |
Unable to update the pattern file at AirGap sites. |
NC-107975 |
Logging Framework |
Logging stops on device. Database disk image is malformed. |
NC-110678 |
Logging Framework |
Live logs aren't being generated in log viewer. |
NC-113004 |
Logging Framework |
Garner stops responding at init_cache_tree during sync cache. |
NC-114652 |
Logging Framework (Central Reporting) |
After 7200 files, sending files to Sophos Central stops with error on gzclose. |
NC-108003 |
NFP-Firewall |
Memory utilization increases until firewall stops responding. |
NC-100418 |
nSXLd |
Internet down with error "nSXLd Connection timeout while connecting to SXL server".
|
NC-115360 |
nSXLd |
Deleted policy from Sophos Central continues to appear in the firewall. |
NC-117753 |
PPPoE |
Internet through PPPoE doesn't work after HA failover. |
NC-112058 |
RED |
Some reports for RED tunnel on XG Firewall don't load. |
NC-112117 |
RED |
Editing a RED configuration in XG Firewall caused the firewall to become
unresponsive. |
NC-112621 |
RED |
Unable to edit some RED interfaces. |
NC-113005 |
RED |
RED tunnels restart suddenly. |
NC-117243 |
RED |
Disable DHE cipher support for RED. |
NC-117786 |
Reporting |
Security Audit Report score data in email differs from what's shown in the firewall.
|
NC-111110 |
SDWAN Routing |
Import-export doesn't reflect changes in SD-WAN profiles. |
NC-112722 |
SDWAN Routing |
garner.log is flooded with continuous logs for cache failures. |
NC-114075 |
SDWAN Routing |
Connectivity issue when using route-based VPN with SD-WAN Routes or profiles. |
NC-107178 |
SecurityHeartbeat |
Improve license enforcement message for Synchronized Security. |
NC-116531 |
SecurityHeartbeat |
Can't access resources for some time when Security Heartbeat is configured. |
NC-117680 |
SecurityHeartbeat |
Ipset hb_green entry removed without cause. |
NC-111441 |
SSLVPN |
Remote access SSL VPN doesn't work after upgrade. |
NC-112065 |
SSLVPN |
When Azure AD is used as the authentication type, the Authentication > Services page
goes into buffering. |
NC-112211 |
SSLVPN |
/conf/certificate/openvpn directory is missing. |
NC-114163 |
SSLVPN |
Connections from LAN to static SSL VPN IP address are routed through WAN on XGS.
|
NC-117669 |
Firewall |
"Invalid TCP state" logs in HA appliances for traffic coming from the auxiliary
device. |
NC-120190 |
SSLVPN |
Site-to-site SSL VPN connections fail due to the absence of serveruser.conf file.
|
NC-112370 |
Gateway Management |
Error while updating failover rules in WAN link manager. |